Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
libcurl 资源管理错误漏洞
Vulnerability Description
libcurl是一款用于从服务器传输数据或向服务器传输数据的工具。 libcurl 存在安全漏洞,该漏洞源于libcurl 提供了使用 SHA 256 哈希验证 SSH 服务器公钥的功能,当此检查失败时,libcurl 会在返回包含(现已释放的)哈希的错误消息之前释放指纹的内存,导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A