curl disclosed on HackerOne: Buffer Overflow Risk in Curl_inet_ntop...
hackerone.com
*Curl is a software that I love and is an important tool for the world. * *If my report doesn't align, I apologize for that.* The `Curl_inet_ntop` function is designed to convert IP addresses from binary format to human-readable string format, supporting both IPv4 and IPv6. It internally delegates to `inet_ntop4` for IPv4 addresses and `inet_ntop6` for IPv6 addresses. However, insufficient...

Now, with the help of AI, it’s even easier to waste time of open source developers by creating fake security vulnerability reports.

  • Jayjader@jlai.lu
    8·
    3 days ago

    The most infuriating part of the exchange for me is the initial response to the maintainers’ guess of “slop” is to act hurt, betrayed, and to threaten to spread negative press about the project.