How I made a heap overflow in curl (daniel.haxx.se)
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH....
How I made a heap overflow in curl | daniel.haxx.se (daniel.haxx.se)
The Gemini protocol seen by this HTTP client person (daniel.haxx.se)
the Apple curl security incident 12604 (daniel.haxx.se)
On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot of issues filed most days so this fact alone was hardly anything out of the ordinary. We read the reports, investigate, ask follow-up questions to see what we can learn and what we need to address.
CVE-2020-19909 Is Everything That Is Wrong With Cves (daniel.haxx.se)
It was obvious already before that NVD really does not try very hard to actually understand or figure out the problem they grade. In this case it is quite impossible for me to understand how they could come up with this severity level. It’s like they saw “integer overflow” and figured that wow, yeah that is the most...
The I in LLM stands for intelligence | daniel.haxx.se (daniel.haxx.se)
In short: the maintainers of the curl and libcurl project offer money for finding security vulnerabilities (a bug bounty, but only for security issues)....
Making it harder to do wrong | daniel.haxx.se (daniel.haxx.se)
An interesting blog post by @bagder about security in curl
CVE-2020-19909 is everything that is wrong with CVEs (daniel.haxx.se)
the Apple curl security incident 12604 | daniel.haxx.se (daniel.haxx.se)
Curl on 100 operating systems | daniel.haxx.se (daniel.haxx.se)
Curl on 100 operating systems discussion
CVE-2020-19909 is everything that is wrong with CVEs | daniel.haxx.se (daniel.haxx.se)
CVE-2020-19909 is everything that is wrong with CVEs (daniel.haxx.se)
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system.