Björkus "No time_t to Die" DorkusOct 5, 2023

... I picked a bad time to go all-in on improving C, huh?

https://github.com/curl/curl/discussions/12026

Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11 · curl/curl · Discussion #12026

We are cutting the release cycle short and will release curl 8.4.0 on October 11, including fixes for a severity HIGH CVE and one severity LOW. The one rated HIGH is probably the worst curl securit...

GitHub
Show threadBjörkus "No time_t to Die" Dorkus
Place your bets 🎲🎰🎲, ladies and gentlemen, creatures and thingies alike:
Buffer Overflow into RCE
48.4%
OOB into Priv. Escalation
21.3%
Stack Smash into RCE
15.1%
Unsanitized Code Exec
15.1%
Poll ended at .
Oct 5, 2023 at 5:04pmWeb
Show threadBilly O'NealOct 5, 2023
@thephd Stack smashing was almost completely killed by the stack protector.
Show threadBjörkus "No time_t to Die" DorkusOct 5, 2023
@malwareminigun I never underestimate C's ability to surprise me. :D
Show threadCULTPONY  Oct 5, 2023
@thephd I bet it's one of the more obscure curl protocols having a gaping hole and somehow it works with HTTPS or something
Show threadGraham Sutherland / PolynomialOct 5, 2023
@thephd UAF.