Search
Items tagged with: hackerone
The original #hackerone report for #curl's CVE-2024-7264: ASN.1 date parser overread is now published:
curl disclosed on HackerOne: CVE-2024-7264: ASN.1 date parser overread
## Summary: When a specially-crafted certificate is passed to `Curl_extract_certinfo` to parse, it may read bytes beyond the end of the buffer in which the certificate is held. According to the...HackerOne
curl disclosed on HackerOne: CVE-2024-0853: OCSP verification...
## Summary: In version 8.5.0, cURL has inadvertently established a pathway for accepting revoked certificates. As a result of [this...HackerOne
For details on the #curl PSL vulnerability, check out the #hackerone report. And if you use libpsl, double-check that your use is correct: hackerone.com/reports/2212193
Two mentioned projects in this report in particular should check their code.
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne
We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:
curl disclosed on HackerOne: [Critical] Curl CVE-2023-38545...
## Summary: Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet ## Steps To Reproduce: To replicate the issue, I have searched in the Bard about this vulnerability. It...HackerOne