bagder

bagder, 8 months ago to random

How I made a heap overflow in #curl

Let me talk CVE-2023-38545 a bit

https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/

bagder, 8 months ago to random

Today we got what must be the most alarming first line in a newly file sec issue to #curl:

"To replicate the issue, I have searched in the Bard about this vulnerability"

... followed by a complete AI hallucination where Bard has dreamed up a new issue by combining snippets from several past flaws. Creative, but hardly productive.

Closed as bogus.

nixCraft, 8 months ago to random

Your sibling wants to start coding. What programming language would you recommend?
0. C

1. JavaScript
2. Java
3. Python
4. Something else

bagder, 9 months ago to random

Tell me my mistakes and omissions in my #curl vs #wget venn diagram

bagder, 10 months ago to random

"CVE-2020-19909 is everything that is wrong with CVEs"

A claimed "9.8 CRITICAL" flaw in #curl that does not exist.

https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/

bagder, 10 months ago to random

Today in 2000, 23 years ago, we introduced #libcurl into the world. #curl 7.1 was the first release featuring a separate library for Internet transfers, that curl was then made to use.

PHP adopted it almost instantly to become their default built-in transfer engine, which greatly helped the library "take off".

libcurl was not an instant success but has gradually grown more popular over time. Over 23 years.

Today we estimate 20 BILLION installations worldwide.