Some questions about CVE-2022-42915
From: 陈星杵 via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 22 Dec 2024 18:08:36 +0800 (GMT+08:00)
Good morning! Sorry to bother you. I notice that CVE-2022-42915 is a double-free vulnerability. So the introducing commit should include two free operations. But the commit 51c0ebcff2140c3 [1] on the website [2] only has one free operation in lib/http_proxy.c. And I found that 14a2ca85ec [3] has two free operations because it's later than 51c0ebcff2140c3. So I want to know the reason why 51c0ebcff2140c3 is the vulnerability-introducing commit?
Thanks for your time!
[1] https://github.com/curl/curl/commit/51c0ebcff2140c3
[2] https://curl.se/docs/CVE-2022-42915.html
[3] https://github.com/curl/curl/commit/14a2ca85ec
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2024-12-22