What the vulnerability does

01Description

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Key dates

02Disclosure timeline

September 23, 2021 CVE published
June 9, 2025 Record updated