Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Some question about CVE-2020-8231
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: 陈星杵 via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 2 Jan 2025 16:32:44 +0800 (GMT+08:00)
Hello! Sorry to bother you. I notice that CVE-2020-8231[1] is a Expired Pointer Dereference Vulnerability, and the patch[2] fixes 5files. I know the c43127414d[3] is introduced commit of the lib/connect.c. At the same time, I find the introduced commit of the lib/multi.c is 575e885db0. So I want to know which one is the real Vulnerability introduced commit, and why?Thanks for your time!
[1] https://curl.se/docs/CVE-2020-8231.html
[2] https://github.com/curl/curl/commit/3c9e021f86872baae412
[3] https://github.com/curl/curl/commit/c43127414d
[4] https://github.com/curl/curl/commit/575e885db0
Date: Thu, 2 Jan 2025 16:32:44 +0800 (GMT+08:00)
Hello! Sorry to bother you. I notice that CVE-2020-8231[1] is a Expired Pointer Dereference Vulnerability, and the patch[2] fixes 5files. I know the c43127414d[3] is introduced commit of the lib/connect.c. At the same time, I find the introduced commit of the lib/multi.c is 575e885db0. So I want to know which one is the real Vulnerability introduced commit, and why?Thanks for your time!
[1] https://curl.se/docs/CVE-2020-8231.html
[2] https://github.com/curl/curl/commit/3c9e021f86872baae412
[3] https://github.com/curl/curl/commit/c43127414d
[4] https://github.com/curl/curl/commit/575e885db0
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-01-02