"Base Score: 9.8 (Critical)"
curl disclosed on HackerOne: Buffer Overflow in cURL Internal...
A critical buffer overflow vulnerability exists in the `curl_msprintf()` function in cURL's internal printf implementation. The function writes formatted output to a user-provided buffer without... (HackerOne)
floyd aka floyd_ch
in reply to daniel:// stenberg://
The attitude of people feeling like they should be able to report a security bug although their understanding of the topic is lousy is crazy.
The amount of explaining to people you have to do as a first level bug bounty triager is brain numbing. And with a C library you are probably in a good position because you scare the worst bug hunters.
And now we get AI slop on top of that. Brilliant.
Aaron Caskey-Demaret
in reply to daniel:// stenberg://
My AI just found a security flaw in curl!
"The code is written in C, which can allow buffer overflows. Therefore curl is riddled with critical buffer overflows
Base rating: 11 (Hypercritical)
"
Do I get my money now?
Oliver Schönrock
in reply to daniel:// stenberg://
lol
That's fucking ridiculous