

We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:

https://hackerone.com/reports/2199174

in reply to daniel:// stenberg://

{"error": "too many requests"}

You've hacked hackerone (remote DoS, 9.8 CVSS)

in reply to daniel:// stenberg://

And the report is that the fixes for the vulnerability are posted on the Internet? This is so ridiculous.
in reply to daniel:// stenberg://

“I have searched in the Bard about this vulnerability”. Right there is the problem. LLMs are not search engines. This is similar to the attorney that “searched” for case law using ChatGPT and ended up filing a legal argument full of references to made up cases.
in reply to daniel:// stenberg://

it’s all the weirder because they aren’t even trying to report a new vulnerability. Their complaint seems to be that detailed information about a “vulnerability” is public. But that’s how public disclosure works? And open source? Like are they going to start submitting blog posts of vulnerability analysis and ask curl maintainers to somehow get the posts taken down???
in reply to derekheld

@derekheld they reported this before that vulnerability was made public though
in reply to daniel:// stenberg://

oh as in saying the embargo was broken but with LLM hallucinations as the evidence?
in reply to daniel:// stenberg://

I have 0 doubts that this will become a more and more common occurrence
in reply to daniel:// stenberg://

I remember when I was at Red Hat I did a thought experiment: what is the minimal amount of work an attacker could do to cause the maximum amount of effort by a security team?

This was over 10 years ago and a lot of what we were experiencing and what I came up with back then is now trivial for attackers thanks to these LLMs.

And the problem is you can’t have a skill testing question or something because occasionally somebody will find a gem in the rough and report it, and risk of missing that is seen as not acceptable by most people.

I don’t know what the future holds for open source security reporting, but I have a suspicion. Things are gonna have to change in the next few years. People are going to get burnt out.

Edit: for readability

in reply to kurtseifried (he/him)

@kurtseifried right, it is fortunate as long as the bad ones are this easy to detect and dismiss. It is going to get worse when we get overloaded with submissions that are less easy to discard early...
in reply to daniel:// stenberg://

Bard doing bard things - writing entertaining stories that are nothing more than myth. All it needs is a lute and a penchant for rough taverns.
in reply to daniel:// stenberg://

I suspect the reporter's last comment in that thread was also written by an LLM
in reply to daniel:// stenberg://

On the plus side, they pretty much started with "I asked the Bard". Imagine if that bit had not been there?
in reply to daniel:// stenberg://

That LLM crap keeps giving and giving. Can't we just uninvent it please?
in reply to daniel:// stenberg://

I'm still in favor of charging people who abuse LLMs and trust their output without verification.
in reply to daniel:// stenberg://

This is wonderfully bizarre. As I understand it, Bard has had a hallucination and dreamt up a leak before public disclosure - including the details of not-yet-released material.
Makes me wonder: how off are these hallucinations? Are they anywhere closely resembling the truth? Or partial? Or in the correct region?
in reply to Dan Bergh Johnsson

@danbjson This seems to be using the bogus CVE 2020-19909 as a base and then synthesizing fake functions around it
in reply to Brodie Robertson

exactly. It seems "inspired" mostly by 19909, and then adds a mishmash of weirdo inconsistent details. The mention of 38545 and 8.4.0 indicates it actually knows at least they exist. Possibly because they were used in the prompt?
in reply to daniel:// stenberg://

@BrodieOnLinux Bard is continuously connected to internet, isn’t it? So it could snap up the news about 8.4.0 from other news sources, couldn’t it? Though “from the prompt” sounds more plausible.
in reply to daniel:// stenberg://

I love your restraint.
My reply would have certainly contained the phrase "fucking idiot".