daniel:// stenberg://Aug 25, 2023

"CVE-2020-19909 is everything that is wrong with CVEs"

A claimed "9.8 CRITICAL" flaw in #curl that does not exist.

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

CVE-2020-19909 is everything that is wrong with CVEs

This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system. CVE-2020-19909 On August 25 2023, we got … Continue reading CVE-2020-19909 is everything that is wrong with CVEs →

daniel.haxx.se
Show threadP4
@bagder I've noticed a small error in the time conversions in your post: "two million seconds (roughly 68 years)" - this should be either 2 billion seconds or ~23 days.
EDIT: fixed now, thanks.
Aug 26, 2023 at 7:33amWeb
Show threadP4Aug 26, 2023
@bagder Also, this totally ruins my plan of building a space probe running curl 7.65.2 on Windows that would communicate over http with a server in another galaxy.
Show threaddaniel:// stenberg://Aug 26, 2023
@p4 it struck me as well. Thanks, will correct soon!