GHSA-hf34-v47h-w6m3
A use-after-free vulnerability exists in libcurl when calling curl_easy_pause() inside the event-based CURLMOPT_SOCKETFUNCTION callback. This causes libcurl to use a dangling pointer after its memory has been freed, potentially leading to undefined behavior or memory corruption.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-9080) occurs when curl_easy_pause() is invoked within the event-based CURLMOPT_SOCKETFUNCTION callback in libcurl. This triggers a use-after-free condition where libcurl attempts to store a flag using a struct pointer that has already been freed, resulting in a dangling pointer dereference.
Potential Impact
This use-after-free vulnerability can lead to memory corruption and potentially cause crashes or other undefined behavior in applications using libcurl. No known exploits in the wild have been reported. The exact impact depends on how the affected function is used in the application.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid calling curl_easy_pause() within the event-based CURLMOPT_SOCKETFUNCTION callback to prevent triggering the vulnerability.
Technical Details
- GCVE Source: db.gcve.eu
- OSV ID: GHSA-hf34-v47h-w6m3
- OSV Schema Version: 1.4.0
- Aliases: ["CVE-2026-9080"]
- Ecosystems: []
- Database Specific Severity: null
- CVSS Version: null
Threat ID: 6a483cb427e9c79719d81f65
Added to database: 07/03/2026, 22:50:28 UTC
Last enriched: 07/03/2026, 23:02:51 UTC
Last updated: 07/04/2026, 00:11:24 UTC