VulnerableCode Package Details - pkg:alpm/archlinux/lib32-libcurl-compat@7.78.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-bdy2-8gub-tfe6 Aliases: CVE-2021-22945	Double Free When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.	7.79.0-1 Affected by 0 other vulnerabilities.
VCID-sh5a-fmna-wffr Aliases: CVE-2021-22946	Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.	7.79.0-1 Affected by 0 other vulnerabilities.
VCID-t4gn-9fw8-gkc3 Aliases: CVE-2021-22947	Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.	7.79.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bdy2-8gub-tfe6
Aliases:
CVE-2021-22945

Double Free When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

7.79.0-1
Affected by 0 other vulnerabilities.

VCID-sh5a-fmna-wffr
Aliases:
CVE-2021-22946

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

7.79.0-1
Affected by 0 other vulnerabilities.

VCID-t4gn-9fw8-gkc3
Aliases:
CVE-2021-22947

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

7.79.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hudt-78dw-tkf2	Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.	CVE-2021-22925
VCID-y32p-52ps-4ug4	Use of Incorrectly-Resolved Name or Reference libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function does not take `issuercert` into account and it compared the involved paths case insensitively, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the `issuer cert` which a transfer can set to qualify how to verify the server certificate.	CVE-2021-22924

Vulnerability

Summary

Aliases

VCID-hudt-78dw-tkf2

Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

CVE-2021-22925

VCID-y32p-52ps-4ug4

Use of Incorrectly-Resolved Name or Reference libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function does not take `issuercert` into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the `issuer cert` which a transfer can set to qualify how to verify the server certificate.

CVE-2021-22924

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:39.430513+00:00	Arch Linux Importer	Fixing	VCID-y32p-52ps-4ug4	https://security.archlinux.org/AVG-2197	38.0.0
2026-04-01T18:26:39.403802+00:00	Arch Linux Importer	Fixing	VCID-hudt-78dw-tkf2	https://security.archlinux.org/AVG-2197	38.0.0
2026-04-01T18:25:21.777324+00:00	Arch Linux Importer	Affected by	VCID-bdy2-8gub-tfe6	https://security.archlinux.org/AVG-2387	38.0.0
2026-04-01T18:25:21.751105+00:00	Arch Linux Importer	Affected by	VCID-sh5a-fmna-wffr	https://security.archlinux.org/AVG-2387	38.0.0
2026-04-01T18:25:21.725031+00:00	Arch Linux Importer	Affected by	VCID-t4gn-9fw8-gkc3	https://security.archlinux.org/AVG-2387	38.0.0