CVE-2026-8925 PUBLISHED

SASL double-free

Assigner: curl
Reserved: 19.05.2026 Published: 03.07.2026 Updated: 03.07.2026

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free() the same pointer twice.

Product Status

Vendor curl
Product curl
Versions Default: unaffected
  • affected from 8.20.0 to 8.20.0 (incl.)
  • affected from 8.19.0 to 8.19.0 (incl.)
  • affected from 8.18.0 to 8.18.0 (incl.)
  • affected from 8.17.0 to 8.17.0 (incl.)
  • affected from 8.16.0 to 8.16.0 (incl.)
  • affected from 8.15.0 to 8.15.0 (incl.)

Credits

  • Joshua Rogers (Aisle Research) finder
  • Viktor Szakats remediation developer

Problem Types

  • CWE-415 Double Free