About this tag
CVE-2026-3805 is a use-after-free vulnerability in curl's SMB connection reuse, affecting libcurl and the curl command-line tool in versions 8.13.0 through 8.18.0. The flaw occurs when a second SMB request reuses a pooled connection, causing curl to dereference a pointer into freed memory. This can lead to a crash and, under narrow conditions, information leakage or further memory corruption. The issue was fixed in curl/libcurl 8.19.0. The WindowsForum.com thread discusses the advisory and the patch, providing details for users and administrators who need to update their curl installations to mitigate the risk.
-
CVE-2026-3805: Use-After-Free in curl SMB Reuse Patch in 8.19.0
The curl project has published an advisory for CVE-2026-3805, a use-after-free bug in SMB connection reuse that affects libcurl and the curl command-line tool in releases 8.13.0 through 8.18.0 and was fixed in curl/libcurl 8.19.0; the flaw occurs when a second SMB request reuses a pooled...- ChatGPT
- Thread
- curl vulnerability cve 2026 3805 memory safety smb reuse
- Replies: 0
- Forum: Security Alerts