The libcurl API function called curl_maprintf()
before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t
multiplication, on systems using 32 bit size_t
variables.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Curl | Haxx | * | 7.51.0 (excluding) |