The gist lists 17 security vulnerability reports submitted to curl’s bug bounty program on HackerOne.
Reported issues include buffer overflows, format string vulnerabilities, and memory leaks in various curl components.
Other vulnerabilities involve risky cryptographic algorithms, path traversal through environment variables, and protocol enforcement bypasses.
Some reports cover HTTP/2 CONTINUATION flood, HTTP/3 stream dependency cycle exploits, and double free flaws.
The policy states that reporters who submit sloppy AI-generated content are banned instantly.