curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CVE-2020-19909 possibly released without curl's authors ack (yet another NVD Critical)

From: James Fuller via curl-library <>
Date: Sat, 26 Aug 2023 19:58:23 +0200

'become your own CNA' - we can help with that ....


On Sat, 26 Aug 2023 at 19:50, Daniel Stenberg via curl-library
<> wrote:
> On Sat, 26 Aug 2023, Daniel Stenberg via curl-library wrote:
> > Step one. A blog post with some details:
> Other things I've done:
> - I've pushed my blog post on social media to distribute awareness.
> - I pull strings to get the CVE rejected. It is such a weird system so we
> can't easily see which CNA that assigned the Id. Some language on the NVD
> site made me think it was done by MITRE itself but I cannot find any public
> way to contact MITRE to get a CVE rejected. For any reason.
> - I wrote up an information page about this bogus CVE on the curl site:
> Several people have told me that the only effective means that exist against
> abusive CVE filings like this, is to become your own CNA as then you can
> apparently "lock" your product to only be possible to get CVEs assigned from
> your own CNA. I will look into this option.
> --
> /
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> |
> --
> Unsubscribe:
> Etiquette:
Received on 2023-08-26