Fluid Attacks Database

Description

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	curl	=8.14.1-2 \|\| =8.14.1-2+deb13u1 \|\| =8.14.1-2+deb13u2 \|\| =8.14.1-2+deb13u2~bpo13+1 \|\| =8.14.1-2+exp1 \|\| =8.15.0-1 \|\| =8.15.0-1~bpo13+1 \|\| =8.15.0-1~exp1 \|\| =8.15.0~rc1-1exp1 \|\| =8.15.0~rc2-1~exp1 \|\| =8.15.0~rc3-1~exp1 \|\| =8.16.0-1 \|\| =8.16.0-1+exp1 \|\| =8.16.0-1~bpo13+1 \|\| =8.16.0-2 \|\| =8.16.0-3 \|\| =8.16.0-4 \|\| =8.16.0-4~bpo13+1 \|\| =8.16.0~rc1-1~exp1 \|\| =8.16.0~rc2-1 \|\| =8.16.0~rc2-2 \|\| =8.16.0~rc3-1 \|\| =8.17.0-1 \|\| =8.17.0-2 \|\| =8.17.0-3 \|\| =8.17.0~rc1-1~exp1 \|\| =8.17.0~rc2-1 \|\| =8.17.0~rc3-1 \|\| =8.18.0-1 \|\| =8.18.0-1~bpo13+1 \|\| =8.18.0-2 \|\| =8.18.0~rc1-1+exp1 \|\| =8.18.0~rc2-1 \|\| =8.18.0~rc3-1 \|\| =8.19.0-1 \|\| =8.19.0-1+exp1 \|\| =8.19.0-1~bpo13+1 \|\| =8.19.0-2 \|\| =8.19.0-3 \|\| =8.19.0-3+exp1 \|\| =8.19.0-3+exp2 \|\| =8.19.0~rc1-1~exp1 \|\| =8.19.0~rc2-1 \|\| =8.19.0~rc2-2 \|\| =8.19.0~rc3-1 \|\| =8.20.0~rc1-1+exp1 \|\| =8.20.0~rc1-1+exp2 \|\| =8.20.0~rc1-1+exp3 \|\| =8.20.0~rc2-1 \|\| =8.20.0~rc2-1+exp1 \|\| =8.20.0~rc3-1 \|\| =8.20.0~rc3-1+exp1	-
debian 14	curl	=8.14.1-2 \|\| =8.14.1-2+exp1 \|\| =8.15.0-1 \|\| =8.15.0-1~bpo13+1 \|\| =8.15.0-1~exp1 \|\| =8.15.0~rc1-1exp1 \|\| =8.15.0~rc2-1~exp1 \|\| =8.15.0~rc3-1~exp1 \|\| =8.16.0-1 \|\| =8.16.0-1+exp1 \|\| =8.16.0-1~bpo13+1 \|\| =8.16.0-2 \|\| =8.16.0-3 \|\| =8.16.0-4 \|\| =8.16.0-4~bpo13+1 \|\| =8.16.0~rc1-1~exp1 \|\| =8.16.0~rc2-1 \|\| =8.16.0~rc2-2 \|\| =8.16.0~rc3-1 \|\| =8.17.0-1 \|\| =8.17.0-2 \|\| =8.17.0-3 \|\| =8.17.0~rc1-1~exp1 \|\| =8.17.0~rc2-1 \|\| =8.17.0~rc3-1 \|\| =8.18.0-1 \|\| =8.18.0-1~bpo13+1 \|\| =8.18.0-2 \|\| =8.18.0~rc1-1+exp1 \|\| =8.18.0~rc2-1 \|\| =8.18.0~rc3-1 \|\| =8.19.0-1~bpo13+1 \|\| =8.19.0~rc1-1~exp1 \|\| =8.19.0~rc2-1 \|\| =8.19.0~rc2-2 \|\| =8.19.0~rc3-1 \|\| >=0 <8.19.0-1	8.19.0-1
rpm rhel9	rust	-	-
rpm rhel9	snphost	-	-
rpm rhel9	trustee-guest-components	-	-
rpm rhel10	curl	-	-
rpm rhel6	curl	-	-
rpm rhel7	curl	-	-
rpm rhel8	curl	-	-
rpm rhel9	curl	-	-

1-10 of 16

Aliases

1. CVE-2026-38052. NVD-2026-38053. OSV-DEBIAN-2026-38054. OSV-2026-38055. OSV-ALPINE-2026-38056. SECURITY-TRACKER-CVE-2026-38057. SECURITY-CVE-2026-3805

References

1. https://github.com/Rat5ak/CVE-2026-3805-curl-SMB-UAF

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.