GHSA-p8x5-c6c9-8cwx
A vulnerability in curl's SASL authentication logic can cause a double free of the GSASL context pointer. This occurs because the pointer is freed twice without being cleared in between, potentially leading to memory corruption.
AI Analysis
Technical Summary
The curl library contains a flaw in its handling of SASL authentication where the GSASL context pointer may be freed twice due to cleanup logic not clearing the pointer after the first free. This double free vulnerability can result in undefined behavior such as memory corruption or application crashes.
Potential Impact
The vulnerability may lead to memory corruption or crashes in applications using curl with SASL authentication. There is no evidence of known exploits in the wild. The impact is limited to the stability and security of the affected application processes.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should monitor vendor communications for updates.
Technical Details
- GCVE Source: db.gcve.eu
- OSV ID: GHSA-p8x5-c6c9-8cwx
- OSV Schema Version: 1.4.0
- Aliases: ["CVE-2026-8925"]
- Ecosystems: []
- Database Specific Severity: null
- CVSS Version: null
Threat ID: 6a483cb527e9c79719d820c9
Added to database: 07/03/2026, 22:50:29 UTC
Last enriched: 07/03/2026, 23:03:12 UTC
Last updated: 07/04/2026, 01:54:16 UTC