libcurl can be tricked into using already freed memory when a new TLS session is negotiated or a client certificate is requested on an existing connection. For example, this can happen when a TLS server requests a client certificate on a connection that was established without one. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. https://curl.se/docs/CVE-2021-22901.html CREATE(Triage):(User=admin) CVE-2021-22901 (https://nvd.nist.gov/vuln/detail/CVE-2021-22901)