CVE-2025-0665 | THREATINT

Description

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

PUBLISHED Reserved 2025-01-23 | Published 2025-02-05 | Updated 2025-03-18 | Assigner curl

Problem types

CWE-1341 Multiple Releases of Same Resource or Handle

Product status

Default status

unaffected

8.11.1 (semver)

affected

Credits

Christian Heusel finder

Andy Pan remediation developer

References

www.openwall.com/lists/oss-security/2025/02/05/2

www.openwall.com/lists/oss-security/2025/02/05/5

security.netapp.com/advisory/ntap-20250306-0007/

curl.se/docs/CVE-2025-0665.json (json)

curl.se/docs/CVE-2025-0665.html (www)

hackerone.com/reports/2954286 (issue)

cve.org (CVE-2025-0665)

nvd.nist.gov (CVE-2025-0665)

Download JSON