#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

Harry Sintonen@infosec.exchange to Cybersecurity@fedia.io · 15 hours ago

It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

• https://curl.se/docs/CVE-2024-11053.html
• https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity

You must log in or # to comment.

Chat

Cybersecurity@fedia.io

cybersecurity@fedia.io

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@fedia.io

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

26 users / day
172 users / week
423 users / month
861 users / 6 months
5 local subscribers
3 subscribers
273 Posts
224 Comments
Modlog