Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2021-22945

Disclosure Date: September 23, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.1 Critical
Impact Score:
5.2
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • apple,
  • debian,
  • fedoraproject,
  • haxx,
  • netapp,
  • oracle,
  • siemens,
  • splunk

Products

  • cloud backup -,
  • clustered data ontap -,
  • debian linux 11.0,
  • fedora 33,
  • fedora 35,
  • h300e firmware -,
  • h300s firmware -,
  • h410s firmware -,
  • h500e firmware -,
  • h500s firmware -,
  • h700e firmware -,
  • h700s firmware -,
  • libcurl,
  • macos,
  • mysql server,
  • sinec ins,
  • solidfire baseboard management controller firmware -,
  • universal forwarder,
  • universal forwarder 9.1.0
Technical Analysis