<Vulnerability name="CVE-2026-8925">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-07-03T06:15:25</PublicDate>
    <Bugzilla id="2496762" url="https://bugzilla.redhat.com/show_bug.cgi?id=2496762" xml:lang="en:us">
curl: curl: Double-free vulnerability in SASL authentication
    </Bugzilla>
    <CVSS3 status="verified">
        <CVSS3BaseScore>8.1</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-1341</CWE>
    <Details xml:lang="en:us" source="Mitre">
The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in curl. The logic handling SASL (Simple Authentication and Security Layer) authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker could exploit this to cause a denial of service or potentially execute arbitrary code.
    </Details>
    <Statement xml:lang="en:us">
This Important flaw in curl's SASL authentication logic could lead to a double-free vulnerability, potentially resulting in memory corruption, denial of service, or arbitrary code execution. The impact is significant as curl is a widely used utility in Red Hat environments, and SASL authentication is a common enterprise configuration. Exploitation requires an attacker to interact with a service utilizing the vulnerable SASL authentication within curl. Exploitation of this flaw requires controlling which memory is addressed in the second free call and this is unlikely to be possible.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
    </Mitigation>
    <AffectedRelease cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-06-24T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:29017">RHSA-2026:29017</Advisory>
        <Package name="curl-main">curl-main-8.21.0-0.1.hum1</Package>
    </AffectedRelease>
    <AffectedRelease cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-07-02T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:34975">RHSA-2026:34975</Advisory>
        <Package name="rust-main">rust-main-1.96.1-1.hum1</Package>
    </AffectedRelease>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Affected</FixState>
        <PackageName>curl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Affected</FixState>
        <PackageName>curl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Affected</FixState>
        <PackageName>curl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Affected</FixState>
        <PackageName>curl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Affected</FixState>
        <PackageName>curl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhcos</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_devspaces:3">
        <ProductName>Red Hat OpenShift Dev Spaces</ProductName>
        <FixState>Affected</FixState>
        <PackageName>devspaces/code-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:trusted_profile_analyzer:2">
        <ProductName>Red Hat Trusted Profile Analyzer</ProductName>
        <FixState>Affected</FixState>
        <PackageName>rhtpa/rhtpa-trustification-service-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-8925
https://nvd.nist.gov/vuln/detail/CVE-2026-8925
https://curl.se/docs/CVE-2026-8925.html
https://curl.se/docs/CVE-2026-8925.json
https://hackerone.com/reports/3735193
    </References>
</Vulnerability>