Let me give you another peek into the everyday work of the #curl security team. A reported UAF we deem not a security problem:
curl disclosed on HackerOne: Use after free (read) in...
## Summary: [summary of the vulnerability] There is a use after free in `curl_multi_perform` when DoH resolver timeouts and `CURLOPT_PROXY` is used (see reproducer and stack trace) I found it via...HackerOne
This entry was edited (3 weeks ago)
Joshua J. Drake
in reply to daniel:// stenberg:// • • •