Here's the latest #curl hackerone issue I mentioned the other day: hackerone.com/reports/2871792. Another one of those "we found a function call, so therefore your program must be vulnerable".
Disclosed for educational purposes. Don't do this.
curl disclosed on HackerOne: Buffer Overflow Vulnerability in...
Summary: The vulnerability in the program arises from a classic buffer overflow, triggered by the unsafe use of the strcpy() function without bounds checking. The program copies data from a...
Jan Ciger, in reply to daniel:// stenberg://:
It most likely was, including all subsequent interactions. That's very likely ChatGPT output.
There are multiple such automated tools in development that "integrate AI" to generate reports, pull requests on GitHub and similar.
99% useless garbage, unfortunately.
Troed Sångberg, in reply to daniel:// stenberg://:
I wonder how much money you can actually make from spamming bug bounty programs with AI reports.
I'm certain it's more than nothing.