Huge Curl vulnerability about to drop

toast · Oct 9, 2023

Apparently, it's the worst there has been in a long time...
Dropping Wednesday.
Gonna be fun!

I'll post an update once we know what it is.

desultory · Oct 11, 2023

Prior to reading the linked story, I was expecting something... different.

lucihaj · Oct 11, 2023

It's released:

Hélène · Oct 11, 2023

lucihaj Oh, that’s not that bad, they all made it sound so much worse than it really is

Hélène · Oct 11, 2023

desultory He’s been complaining about bogus CVEs and he’s not the only one suffering from those either as far as i know…

toast · Oct 11, 2023

Ok yeah, even if it was super serious (I didn't bother looking) it obv only affects you if you use SOCKS5 which is not that many people.

mycelium · Oct 11, 2023

toast if you use SOCKS5

People using Tor are heavily sweating

Hélène · Oct 11, 2023

mycelium if you’re using curl over Tor i think you have a different problem, especially if you don’t have modern security compilation flags on anything including your libc that would prevent exploitation of this