@jimfuller doubt as well. I think @seanmonstar would have written about that.

Partial writes are nasty things as they rarely occur in local testing. In #curl we added ways to simulate those some years back and found several bugs that way.

A curl mountain movie

One of my favorite visuals for known vulnerabilities in curl is the mountain. It shows how many currently known vulnerabilities were present in the code through-out curl's history. In the end of June 2026 it looks like this: Over time we get more vulnerabilities reported. Since every flaw has a version range during which the … Continue reading A curl mountain movie →

daniel.haxx.se

The #curl vulnerability mountain development timeline

A first public version.

https://youtu.be/aa0TQU0J8yc

The curl vulnerability mountain development timeline

YouTube

HackerOne reporter: "But you assigned a CVE to something similar in 2013!"

Really now?
#curl

25-year-old cURL vulnerability closed

With cURL 8.21.0, 18 security vulnerabilities were fixed at once, more than ever before in a single release.

The oldest cURL vulnerability ever reported

https://www.all-about-security.de/25-jahre-alte-curl-luecke-geschlossen/

#cURL #cybersecurity

25-year-old cURL vulnerability closed and fixed: details

Learn more about the closing of the 25-year-old cURL vulnerability with version 8.21.0 and the fixing of 18 security vulnerabilities.

All About Security: the online magazine for cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security
Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet - Security Affairs

Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl.

Security Affairs
🚨BREAKING NEWS🚨: Six "new" #CVEs in #curl, including one that's the digital equivalent of a fossil! 🦖 Congrats to #AISLE for discovering what we've all known since the dawn of time: software is never perfect. 😏 But hey, at least your toaster and Mars rover can now sleep soundly knowing curl is secure. 🌌🔧
https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported #BREAKINGNEWS #softwaresecurity #cybersecurity #HackerNews #ngated
AISLE Discovers 6 CVEs in curl, Including Oldest Issue Ever

AISLE's analyzer discovered 6 new CVEs in curl, more than 2x the nearest AI security platform and including the oldest security issue in the project.

AISLE

I’ll go ahead and reference Katie Moussouris once more that systems will exist within months, if not already, that are beyond US export controls and exceed what Mythos can do
#curl

https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported

Trailing dots are the worst

Trailing dots after hostnames in URLs remain my worst enemies. I wrote about several problems with them in the past that involved those nasty things. They are still painful. When we shipped curl 8.21.0 on June 24 2026 we fixed at least three brand new problems that involved trailing dots. C'mon, follow me down the … Continue reading Trailing dots are the worst →

daniel.haxx.se