The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.

Project Subscriptions

Vendors Products
Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8487-1 curl vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 03 Jul 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 03 Jul 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Curl
Curl curl
Vendors & Products Curl
Curl curl

Fri, 03 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
Description The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
Title SASL double-free
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: curl

Published:

Updated: 2026-07-03T06:15:25.448Z

Reserved: 2026-05-19T08:11:49.032Z

Link: CVE-2026-8925

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-03T20:45:16Z

Weaknesses

No weakness.