VDB

ALPINE-CVE-2021-22945

ALPINE-CVE-2021-22945 PUBLISHED CVSS 9.100000381469727 CRITICAL

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

Risk Scores

CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.21curl7.78.0-r2, 7.78.0-r1, 7.78.0-r0
Alpine:v3.11curl0, 7.67.0-r5, 7.67.0-r4
Alpine:v3.13curl7.52.0-r0, 7.51.0-r0, 7.50.3-r1
Alpine:v3.15curl7.19.4-r0, 7.19.5-r0, 7.19.6-r0
Alpine:v3.19curl7.56.1-r0, 7.55.1-r0, 7.55.0-r0
Alpine:v3.22curl7.31.0-r0, 7.32.0-r0, 7.34.0-r0
Alpine:v3.17curl7.21.7-r2, 7.29.0-r0, 7.21.7-r0
Alpine:v3.18curl7.21.5-r1, 7.51.0-r0, 7.41.0-r0
Alpine:v3.16curl7.21.6-r0, 0, 7.19.2-r0
Alpine:v3.20curl7.23.1-r0, 7.78.0-r2, 7.78.0-r1
Alpine:v3.14curl7.21.5-r1, 0, 7.19.2-r0
Alpine:v3.23curl7.22.0-r0, 7.49.0-r0, 7.37.1-r0
Alpine:v3.12curl7.19.2-r1, 7.19.4-r0, 7.19.5-r0

Timeline

  • Sep 23, 2021 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›