hackerone - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
NONE	H1:3406123	curl: Buffer over-read,, Missing NUL termination in addvariable() causes undefined behavior_H1:3406123 ## Summary: [In addvariable() (used by setvariable()), the code allocates memory for p->name without space for a null-terminator and copies nlen by...	N/A	N/A	Oct 30, 2025	HACKERONE
NONE	H1:3403880	curl: Logical Flaw in curl_url_set Leads to Inconsistent Query Parameter Encoding_H1:3403880 Hello curl security team, First, thank you for your incredible work on maintaining such a critical and robust piece of software. We have been cond...	N/A	N/A	Oct 29, 2025	HACKERONE
NONE	H1:3400761	curl: curl’s persistence files inherit world-readable/writable perms from umask, leaking and tampering with cookies/HSTS/Alt-Svc caches_H1:3400761 ## Executive Summary `Curl_fopen()` clones the permissions of any pre-existing persistence file when creating its temporary file. When the persiste...	N/A	N/A	Oct 27, 2025	HACKERONE
NONE	H1:3400831	curl: CURLX_SET_BINMODE(NULL) can call fileno(NULL) and cause undefined behavior / crash_H1:3400831 Summary ------- Calling the `CURLX_SET_BINMODE(stream)` macro with `stream == NULL` leads to an unguarded call to `fileno(NULL)` in `tool_binmode.h...	N/A	N/A	Oct 27, 2025	HACKERONE
NONE	H1:3399774	curl: Integer Overflow to Heap Overflow in DoH Response Handling_H1:3399774 ## Summary: An integer overflow vulnerability exists in the `doh_probe_write_cb` function in `lib/doh.c`. This function is used as a write callback...	N/A	N/A	Oct 25, 2025	HACKERONE
NONE	H1:3395218	curl: Use of Deprecated strcpy() with Fixed-Size Buffers in Progress Time Formatting_H1:3395218 Step 2: Locate Vulnerable Code in Progress.c ``` # Find exact strcpy usage in tool_progress.c grep -n "strcpy" ./src/tool_progress.c # OUTPUT: # 9...	N/A	N/A	Oct 22, 2025	HACKERONE
NONE	H1:3395227	curl: Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization_H1:3395227 Discovery Method Step 1: Initial Security Scan ``` # Find all files using dangerous string functions find src/ -name "*.c" -exec grep -l "strcpy\\|s...	N/A	N/A	Oct 22, 2025	HACKERONE
NONE	H1:3392174	curl: Buffer Overflow in WebSocket Handshake (lib/ws.c:1287)_H1:3392174 ## Summary: Buffer overflow vulnerability in curl's WebSocket implementation due to unsafe use of strcpy() in the handshake process. The vulnerabil...	N/A	N/A	Oct 21, 2025	HACKERONE
NONE	H1:3387499	curl: SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix_H1:3387499 ## Executive Summary libcurl version 8.16.0 contains a critical SMTP command injection vulnerability (CVE-quality) in the implementation of RF...	N/A	N/A	Oct 16, 2025	HACKERONE
NONE	H1:3379102	curl: Missing enforcement of SFTP quote syntax can lead to operation on wrong object_H1:3379102 ## Summary: curl supports `-Q` or `--quote` (and libcurl `CURLOPT_QUOTE`) to specify "commands" to execute for ftp and SFTP connections. The SFTP ...	N/A	N/A	Oct 10, 2025	HACKERONE