Wind River Support Network


LIN1021-360 : Security Advisory - curl - CVE-2021-22901

Created: May 26, 2021    Updated: Aug 24, 2021
Resolved Date: Aug 23, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client.

CREATE(Triage):(User=admin) [CVE-2021-22901|]


Live chat