- cross-posted to:
- hackernews@derp.foo
- cross-posted to:
- hackernews@derp.foo
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH.
While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw works and how it happened.
These things happen, best you can do is fix them when they do and accept responsibility. Cheers to the devs. Memory-safe languages are the future