Home

Description

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

PUBLISHED Reserved 2026-03-08 | Published 2026-03-11 | Updated 2026-03-11 | Assigner curl

Problem types

CWE-416 Use After Free

Product status

Default status
unaffected

8.18.0 (semver)
affected

8.17.0 (semver)
affected

8.16.0 (semver)
affected

8.15.0 (semver)
affected

8.14.1 (semver)
affected

8.14.0 (semver)
affected

8.13.0 (semver)
affected

Credits

Daniel Wade finder

Stefan Eissing remediation developer

References

www.openwall.com/lists/oss-security/2026/03/11/4

curl.se/docs/CVE-2026-3805.json (json)

curl.se/docs/CVE-2026-3805.html (www)

hackerone.com/reports/3591944 (issue)

cve.org (CVE-2026-3805)

nvd.nist.gov (CVE-2026-3805)

Download JSON