Vulnerability Research – Null pointer dereference in Curl
The heart of the vulnerability lies within the code of the idn module, where the function idn_decode() becomes the focal point of concern. This function, when called, inadvertently passes a null value to the *decoded pointer, which later encounters issues during execution, as evidenced by the Curl_idn_free() function.