pnutzh4x0r@lemmy.ndlug.org to

Open Source@lemmy.mlEnglish · 1 year ago

How I made a heap overflow in curl

6

90

How I made a heap overflow in curl

pnutzh4x0r@lemmy.ndlug.org to

Open Source@lemmy.mlEnglish · 1 year ago

6

How I made a heap overflow in curl | daniel.haxx.se

In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH.

While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw works and how it happened.

Chat

macallik@kbin.social
link
fedilink
arrow-up
3·
1 year ago
Hmmmm. Maybe this is why Debian pushed a curl update today even though it was also upgraded in 12.2 four days ago
- 7heo@lemmy.ml
  link
  fedilink
  arrow-up
  4·
  1 year ago
  AFAIK it was already communicated to maintainers for a few days already

Open Source@lemmy.ml

opensource@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

326 users / day
1.75K users / week
4.61K users / month
13.5K users / 6 months
1 local subscriber
30.6K subscribers
1.63K Posts
27.7K Comments
Modlog