pycurl is vulnerable to Use-After-Free
70
High Risk
The pycurl C extension contains multiple memory-safety defects in its curl handle and share object lifecycle management. Use-after-free conditions are reachable through callback paths such as READFUNCTION and WRITEFUNCTION when handles are cleaned up while callbacks still hold references, and error paths in share and easy-handle teardown leak locks and memory, leading to deadlocks or crashes. Under attacker-influenced callback behavior or input data these defects can cause memory corruption or denial of service. The fix corrects the error-path and callback-handling logic to properly manage object lifetimes and release locks.
You are affected if you are using a version that falls within the vulnerable range and your application uses pycurl callbacks such as READFUNCTION or WRITEFUNCTION, or exercises share and easy-handle cleanup paths.
pycurl is vulnerable to Use-After-Free in versions 7.43.0.2 - 7.45.7.
Upgrade the pycurl library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant