Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Nov 2015 13:40:30 +0100
From: Kristian Fiskerstrand <>
Subject: CVE Request: pycurl use after free fixed in version

Dear all,

pycurl reports fixing a use after free in version[0]

* Fixed a use after free in HTTPPOST when using FORM_BUFFERPTR with
  a Unicode string (patch by Clint Clayton).

This seems to be in the file src/easy.c fixed in commit

I haven't looked into the code in any detail for exploitability, but
my understanding is that use-after-free generally gets assigned a CVE
based on CWE 416[2], if so may you please assign a CVE to this issue?


Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP key 0xE3EDFAE3 at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"At 18 our convictions are hills from which we look; At 45 they are
caves in which we hide."
(F. Scott Fitzgerald)

Download attachment "signature.asc" of type "application/pgp-signature" (456 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ