curl disclosed on HackerOne: Buffer Overflow Risk in Curl_inet_ntop...
hackerone.com
*Curl is a software that I love and is an important tool for the world. * *If my report doesn't align, I apologize for that.* The `Curl_inet_ntop` function is designed to convert IP addresses from binary format to human-readable string format, supporting both IPv4 and IPv6. It internally delegates to `inet_ntop4` for IPv4 addresses and `inet_ntop6` for IPv6 addresses. However, insufficient...

Now, with the help of AI, it’s even easier to waste time of open source developers by creating fake security vulnerability reports.

  • Badabinski
    141 month ago

    Man, why would you do this type of shit with a username that’s easily linked back to your real name and business ventures? I found this person’s GitHub profile, LinkedIn page, current employer, and a link to some sort of startup business page just by doing a simple search for their very public username: https://webug.xyz

    Several people over at Hackernews have posted this same info because security people are curious. It’s just baffling to me. If you’re going to be a scumbag, you should at least try to distance yourself from it.

    (also, wtf is that page of AI slop even trying so say? What the fuck is any of that for?)

    • @[email protected]English
      11 month ago

      If it were a successful report they’d want the attribution, recognition, and publicity.

      They didn’t see the bad they were doing. I wonder if they see it now. Given their response, I doubt it.

    • @[email protected]
      01 month ago

      If you’re going to be a scumbag, you should at least try to distance yourself from it.

      Guess you’d have to be a smart scumbag too…