It has gone zero days since the latest slop
curl disclosed on HackerOne: Stack-based Buffer Overflow in TELNET...

**Title:** Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling **Vulnerability Description:** **Summary:** A stack-based buffer overflow vulnerability exists in the `libcurl` TELNET handler. When `libcurl` connects to a malicious TELNET server, the server can trigger an overflow by sending a `NEW_ENVIRON SEND` request. This causes the client to construct a response that overwrites...

HackerOne
AI slop security reports submitted to curl

AI slop security reports submitted to curl. GitHub Gist: instantly share code, notes, and snippets.

Gist
@bagder Wow, I just read the first two links and it's amazing, it feels like the submitters think they're going to be paid for submitting nothing of value. Will continue reading.
@Exagone313 it is educational. And frustrating...
@bagder I have found that one of the submitters listed there got awarded more than $1000 from a company on Hacker One. I guess sometimes it pays off.

@Exagone313 @bagder The second one is funny in hindsight given today you can immediately tell from the wording it's just copied directly off of ChatGPT.

"Hello <user>,
Certainly! Let me elaborate on the concerns raised by the triager:

[...]

I hope this clarifies the concerns. If you have any further questions or need additional details, feel free to ask."

ChatGPT LOVES its "Certainly!" starter.
They didn't even bother writing a comprehensive LLM command not to use the default slop wording.

@bagder "hey chat, give this in a nice way so I reply on hackerone with this comment" 😂

@bagder

"hey chat, give this in a nice way so I reply on hackerone with this comment"

im dying 😭

@bagder

AI slop. Reported as abuse. Banned from the project.

unfathomably based. even that is more effort than they deserve.

@bagder i don’t think that’s how snprintf works…
@bagder thank you for sharing these