A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
| Vendor | Product | Versions |
|---|---|---|
| curl | libcurl | 8.20.0, 8.19.0, 8.18.0, 8.17.0, 8.16.0, 8.15.0, 8.14.1, 8.14.0, 8.13.0, 8.12.1, 8.12.0, 8.11.1, 8.11.0, 8.10.1, 8.10.0, 8.9.1, 8.9.0, 8.8.0, 8.7.1, 8.7.0, 8.6.0, 8.5.0, 8.4.0, 8.3.0, 8.2.1, 8.2.0, 8.1.2, 8.1.1, 8.1.0, 8.0.1, 8.0.0, 7.88.1, 7.88.0 |