https://curl.se/docs/CVE-2020-19909.html

I hate how many bugs end up being categorized as vulnerabilities with high severity.
@thatguyoverthere Every bug is a security vulnerability, but one should really just fix bugs and move on.
@Suiseiseki I guess technically. I can see an argument in this case for denial of service, but it's hardly 9.8 out of 10 on risk. The bug was fixed nearly 4 years before the CVE was published, but even if someone is still running the vulnerable version it's not like that means they are going to use retries with a large number capable of overflow. A malicious user would likely use smaller increments for retry anyway. It isn't like curl has some kind of web interface that makes it available to unauthorized users.

@thatguyoverthere @Suiseiseki If some public service like a port checker uses curl in its scripts and one is allowed to set retry count, this can theoretically be used for DoS attacks, but I still fail to see this as high severity — it should be something that allows privilege escalation or remote code execution, this isn't it even remotely 🤷

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.
