Switching away from HackerOne is not a guarantee... Here we go.

George,

This was pure stupidity from your part (including your AI) and was nothing but rude and pointless.

Please never contact us again.

The guy and his AI found three uses of memcmp() in TLS code and insisted it was a "CRITICAL" side-channel security vulnerability.

A 2-second check of those three uses told us it was not real.

byebye George

@bagder

But memcmp is evil /s

*insert child screaming and shitting all over the ceiling picture here*

@bagder byebye George! 👋

@bagder we received a CVSS 7.5 DoS report because an invalid packet may trigger an int underflow. The packet parsing code then refuses to handle a 4GB packet and closes the session gracefully. The report was entirely AI generated.