Intel

AIKIDO-2026-621074

pycurl is vulnerable to Use-After-Free

Use-After-Free Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

70

High Risk

This Affects:

PYTHONpycurl
7.43.0.2 - 7.45.7
Fixed in 7.46.0
Are you affected? Scan for Free

TL;DR

The pycurl C extension contains multiple memory-safety defects in its curl handle and share object lifecycle management. Use-after-free conditions are reachable through callback paths such as READFUNCTION and WRITEFUNCTION when handles are cleaned up while callbacks still hold references, and error paths in share and easy-handle teardown leak locks and memory, leading to deadlocks or crashes. Under attacker-influenced callback behavior or input data these defects can cause memory corruption or denial of service. The fix corrects the error-path and callback-handling logic to properly manage object lifetimes and release locks.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application uses pycurl callbacks such as READFUNCTION or WRITEFUNCTION, or exercises share and easy-handle cleanup paths.

Background info

pycurl is vulnerable to Use-After-Free in versions 7.43.0.2 - 7.45.7.

How to fix this

Upgrade the pycurl library to the patch version.