CVE-2021-22945: 
MySQL vulnerability analysis and mitigation

CVE-2021-22945 is a critical vulnerability in libcurl versions <= 7.73.0 and 7.78.0 that was disclosed in September 2021. When sending data to an MQTT server, libcurl could erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again, leading to use-after-free and double-free conditions (NVD, curl).

The vulnerability is classified as a double-free (CWE-415) memory corruption issue. It has a CVSS v3.1 base score of 9.1 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H, indicating it is network exploitable with low attack complexity and no required privileges or user interaction (NVD).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The high severity rating indicates potential for significant impact on system confidentiality and availability (NetApp Advisory).

The vulnerability was fixed in curl version 7.79.0. Users should upgrade to this version or later to address the issue. Multiple vendors have released patches including Red Hat, Debian, Oracle, Apple and others (Fedora Update, Debian Advisory).