Here we go again.
-
@bagder How about reporters pay 1€ and they get 1€ back and some stickers if the report has some merit?
@LangerJan once you have build the site and infra to handle that, we can consider it
-
@LangerJan once you have build the site and infra to handle that, we can consider it
@bagder I would call it the "slop-jar". Pay into the slop-jar, and if we deem your report to be slop, your money stays in.
-
@LangerJan once you have build the site and infra to handle that, we can consider it
@bagder @LangerJan I was more thinking that you need to not only provide a "fix" but also some sort of code that exploits the vulnerability. Something that is like that you are running in a sandbox and you need to break out of it and do something to prove that the exploit works. So if you could setup a challenge and when you get a "report" you run it and only if it passed the challenge you cared about it.
-
@bagder @LangerJan I was more thinking that you need to not only provide a "fix" but also some sort of code that exploits the vulnerability. Something that is like that you are running in a sandbox and you need to break out of it and do something to prove that the exploit works. So if you could setup a challenge and when you get a "report" you run it and only if it passed the challenge you cared about it.
@bagder @LangerJan This also requires infra to handle it but then at least you could programmatically ignore reports and the AIs can battle it out and try to break the sandbox.
-
@bagder I would call it the "slop-jar". Pay into the slop-jar, and if we deem your report to be slop, your money stays in.
@bagder omg, I googled "slop jar"
This is becoming a thing, one way or another. -
Here we go again.
"The fact that the poc code does not work, we cannot reproduce, the bullet point list in the end and the mixed case in the title, all seem to indicate that this was hallucinated.
I would suggest you make a strong attempt to convince us this was not just wasting our time with AI crap because we have just about made up our minds already."
curl disclosed on HackerOne: Curl Telnet Handler Buffer Overflow
## Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURL_SB_ACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+ bytes in a telnet suboption, it overflows into adjacent memory and corrupts the telnet state...
HackerOne (hackerone.com)
-
curl disclosed on HackerOne: Curl Telnet Handler Buffer Overflow
## Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURL_SB_ACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+ bytes in a telnet suboption, it overflows into adjacent memory and corrupts the telnet state...
HackerOne (hackerone.com)
@bagder@mastodon.social what even drives someone to report trash so often
-
@bagder@mastodon.social what even drives someone to report trash so often
@privateger I can't understand humans!
-
@LangerJan once you have build the site and infra to handle that, we can consider it
@bagder @LangerJan A CLAUDE.md file telling agent contributors pass 5€ Into a Paypal account before submit a PR or hackerone report.
-
curl disclosed on HackerOne: Curl Telnet Handler Buffer Overflow
## Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURL_SB_ACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+ bytes in a telnet suboption, it overflows into adjacent memory and corrupts the telnet state...
HackerOne (hackerone.com)
@bagder "definitive_proof.py" - right, because that's how humans would call the script.
-
curl disclosed on HackerOne: Curl Telnet Handler Buffer Overflow
## Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURL_SB_ACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+ bytes in a telnet suboption, it overflows into adjacent memory and corrupts the telnet state...
HackerOne (hackerone.com)
@bagder "the hanging proves memory corruption."
️ -
R relay@relay.infosec.exchange shared this topic
