Recent Advisories

Severity | ID | Title | Vendor | Product | Date | Type

The entries below are HackerOne report submissions against curl, listed under the reporter's own title. Severity is NONE and no CVE is listed for any of them, so treat them as unconfirmed reports and check curl's published advisories (https://curl.se/docs/security.html) before acting on a title. The Date column is empty for every entry, and several summaries are cut off as extracted.
NONE | H1:3374554 | curl: Apple SecTrust legacy path accepts untrusted certificates on pre-10.14 macOS/iOS when built with USE_APPLE_SECTRUST | N/A | N/A | (not listed) | HACKERONE

Summary: When libcurl is built with USE_APPLE_SECTRUST and runs on Apple OS versions that lack SecTrustEvaluateWithError (macOS
NONE | H1:3373640 | curl: OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients) | N/A | N/A | (not listed) | HACKERONE

Summary: In curl's OpenSSL backend, `ossl_get_channel_binding` retains a new reference to the server's X509 certificate via `SSL_get1_peer_certi...
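The ownership rule behind this report is OpenSSL's `get0`/`get1` convention: `SSL_get0_peer_certificate()` returns a borrowed pointer, while `SSL_get1_peer_certificate()` bumps the certificate's reference count and the caller owns that extra reference until it calls `X509_free()`. The following is an added example, not curl's or OpenSSL's code: a small reference-counting model with `model_*` stand-ins for those calls, driving the leaky pattern and two corrected variants through many requests on one session and counting the references left behind.

```c
/* Added example; not curl's or OpenSSL's code. A minimal model of OpenSSL's
 * X509 reference counting, to show why a routine that takes a certificate
 * via SSL_get1_peer_certificate() must release it with X509_free().
 * In real OpenSSL, SSL_get0_peer_certificate() returns a borrowed pointer
 * and SSL_get1_peer_certificate() calls X509_up_ref() first, handing the
 * caller an extra reference. The model_* names below are stand-ins. */
#include <stdio.h>

struct model_x509 {
    int refcount;                 /* X509's internal reference count */
    unsigned char der[4];         /* constructed stand-in for the DER bytes */
};

struct model_ssl {
    struct model_x509 *peer;      /* the session owns exactly one reference */
};

static struct model_x509 *model_get0_peer(struct model_ssl *ssl)
{
    return ssl->peer;             /* borrowed: caller must not free */
}

static struct model_x509 *model_get1_peer(struct model_ssl *ssl)
{
    if (ssl->peer)
        ssl->peer->refcount++;    /* like X509_up_ref(): caller now owns one */
    return ssl->peer;
}

static void model_x509_free(struct model_x509 *x)
{
    if (x)
        x->refcount--;            /* real X509_free() frees at zero */
}

/* Stand-in for deriving tls-server-end-point channel binding data from the
 * certificate. A real implementation hashes the DER encoding; this just
 * sums it so the ownership handling stays the focus. */
static unsigned compute_binding(const struct model_x509 *x)
{
    unsigned sum = 0;
    for (int i = 0; i < 4; i++)
        sum += x->der[i];
    return sum;
}

/* The pattern the report describes: take a new reference, never release it.
 * Every call leaves one more reference behind, so a long-lived handle that
 * performs many requests accumulates memory that is freed only at exit. */
static unsigned binding_leaky(struct model_ssl *ssl)
{
    struct model_x509 *x = model_get1_peer(ssl);
    if (!x)
        return 0;
    return compute_binding(x);    /* missing model_x509_free(x) */
}

/* Corrected: release the reference once the data has been derived. */
static unsigned binding_fixed(struct model_ssl *ssl)
{
    struct model_x509 *x = model_get1_peer(ssl);
    unsigned b;
    if (!x)
        return 0;
    b = compute_binding(x);
    model_x509_free(x);
    return b;
}

/* Alternative correction: borrow the session's reference instead.
 * Only valid while the session is alive and the pointer is not stored. */
static unsigned binding_borrowed(struct model_ssl *ssl)
{
    struct model_x509 *x = model_get0_peer(ssl);
    return x ? compute_binding(x) : 0;
}

/* Drive `requests` channel-binding computations on one live session and
 * return the certificate's reference count afterwards. A correct routine
 * leaves exactly one reference, the session's own.
 * mode: 0 = leaky, 1 = fixed (get1 + free), 2 = borrowed (get0). */
int refs_after_requests(int requests, int mode)
{
    struct model_x509 cert = { 1, { 0x30, 0x82, 0x01, 0x0a } };
    struct model_ssl ssl = { &cert };
    for (int i = 0; i < requests; i++) {
        if (mode == 0)      binding_leaky(&ssl);
        else if (mode == 1) binding_fixed(&ssl);
        else                binding_borrowed(&ssl);
    }
    return cert.refcount;
}

int main(void)
{
    printf("leaky:    %d references after 1000 requests\n", refs_after_requests(1000, 0));
    printf("fixed:    %d references after 1000 requests\n", refs_after_requests(1000, 1));
    printf("borrowed: %d references after 1000 requests\n", refs_after_requests(1000, 2));
    return 0;
}
```

On a real client the same check is done by running the looping program under LeakSanitizer or valgrind and watching for `X509` allocations whose count grows with the number of requests rather than with the number of connections.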
NONE | H1:3366484 | curl: Unsanitized IPFS CID Allows SSRF Against Configured Gateway | N/A | N/A | (not listed) | HACKERONE

Summary: `ipfs_url_rewrite()` (in `src/tool_ipfs.c`) decodes the host component (CID) of `ipfs://` / `ipns://` URLs using `CURLU_URLDECODE` and...
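The summary is cut off, but the title gives the shape of the problem: the host part of an `ipfs://` URL is percent-decoded and then used to build a request to the configured gateway. If the decoded bytes go into that gateway URL unvalidated (an assumption about the mechanism, since the report text above ends early), a "CID" containing `%2F`, `%3F` or `%23` decodes to `/`, `?` or `#` and rewrites the path or query sent to the gateway. The following is an added example, not curl's code: a model of the rewrite with validation switchable on and off, so the benign and crafted inputs can be compared. The gateway address, the CIDs and all function names are constructed for the example.

```c
/* Added example; not curl's code. Models the hazard in an ipfs:// to
 * gateway rewrite: the host component is percent-decoded and, if the
 * decoded bytes are spliced into the gateway URL unvalidated (assumed
 * mechanism; the report above is truncated), a crafted "CID" can change
 * the path or query the client sends to the gateway. The gateway address,
 * the CIDs and every function name here are constructed for the example. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define GATEWAY "http://127.0.0.1:8080/"   /* assumed local gateway */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode the first n bytes of in (what a URL-decode of the host
 * component does). Returns 1 on success, 0 on a bad escape or overflow. */
static int pct_decode(const char *in, size_t n, char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int h, l;
            if (i + 2 >= n || (h = hexval(in[i + 1])) < 0 || (l = hexval(in[i + 2])) < 0)
                return 0;
            c = h * 16 + l;
            i += 2;
        }
        if (o + 1 >= cap) return 0;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 1;
}

/* Split "ipfs://HOST[/PATH]" or "ipns://HOST[/PATH]". Returns the
 * namespace ("ipfs"/"ipns") or NULL for any other scheme. */
static const char *split_url(const char *url, const char **host, size_t *hlen, const char **path)
{
    const char *ns, *slash;
    if (!strncmp(url, "ipfs://", 7))      ns = "ipfs";
    else if (!strncmp(url, "ipns://", 7)) ns = "ipns";
    else return NULL;
    *host = url + 7;
    slash = strchr(*host, '/');
    *hlen = slash ? (size_t)(slash - *host) : strlen(*host);
    *path = slash ? slash : "";
    return ns;
}

/* CIDs (base58btc or base32) and DNSLink names use only alphanumerics,
 * '.' and '-'. Anything else (slash, '?', '#', '@', ':', NUL) can
 * restructure the URL built from it, so refuse it outright. */
static int host_is_safe(const char *h)
{
    if (!*h) return 0;
    for (; *h; h++)
        if (!isalnum((unsigned char)*h) && *h != '.' && *h != '-')
            return 0;
    return 1;
}

/* validate == 0: splice the decoded host straight in (the hazard).
 * validate == 1: reject any host outside the CID alphabet first.
 * Returns 1 and fills out on success, 0 if the URL is rejected. */
int ipfs_rewrite(const char *url, int validate, char *out, size_t cap)
{
    const char *host, *path, *ns;
    size_t hlen;
    char cid[256];
    ns = split_url(url, &host, &hlen, &path);
    if (!ns || !pct_decode(host, hlen, cid, sizeof cid))
        return 0;
    if (validate && !host_is_safe(cid))
        return 0;
    return snprintf(out, cap, "%s%s/%s%s", GATEWAY, ns, cid, path) < (int)cap;
}

/* Convenience wrapper: the rewritten URL in a static buffer, or NULL. */
const char *rewrite_or_null(const char *url, int validate)
{
    static char buf[1024];
    return ipfs_rewrite(url, validate, buf, sizeof buf) ? buf : NULL;
}

int main(void)
{
    const char *crafted = "ipfs://x%2F..%2F..%2Fadmin%3Fdelete=1";
    printf("benign,    validated: %s\n", rewrite_or_null("ipfs://QmConstructedExampleCid/readme.txt", 1));
    printf("crafted, unvalidated: %s\n", rewrite_or_null(crafted, 0));
    printf("crafted,   validated: %s\n", rewrite_or_null(crafted, 1) ? "accepted" : "rejected");
    return 0;
}
```

The allow-list is deliberately narrower than "anything that is not a delimiter": a CID or DNSLink name never needs characters outside that set, so rejecting the rest costs nothing and closes the whole class rather than a list of known-bad bytes.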
NONE | H1:3361913 | curl: AWS SigV4 Signature Disclosure via Verbose Logging in libcurl | N/A | N/A | (not listed) | HACKERONE

Summary: When libcurl is built with AWS SigV4 support, enabling verbose logging (`CURLOPT_VERBOSE` or `--verbose`) causes the library to pri...
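Verbose mode prints every outgoing request header, and with SigV4 that includes the `Authorization: AWS4-HMAC-SHA256 Credential=..., SignedHeaders=..., Signature=...` line. The secret access key itself is never on the wire; what ends up in logs is the credential scope and the request signature (replayable only within SigV4's short validity window) plus any session-token header the application adds. The practical control is to keep `CURLOPT_VERBOSE` but install a `CURLOPT_DEBUGFUNCTION`, which replaces libcurl's direct write to stderr and lets the application redact before logging. The following is an added example, not libcurl's code: a stand-alone header redactor plus the callback that wires it in; the callback is compiled only when `WITH_LIBCURL` is defined and libcurl is linked, and the sample request is constructed.

```c
/* Added example; not libcurl's code. With CURLOPT_VERBOSE set, libcurl
 * writes every outgoing header to stderr, including the SigV4
 * Authorization line. A CURLOPT_DEBUGFUNCTION replaces that write, so
 * the callback can redact credential-bearing headers first.
 * redact_headers() runs stand-alone; debug_cb() shows the libcurl wiring
 * and is compiled only when WITH_LIBCURL is defined and libcurl is linked
 * (an assumption of this example). The sample request is constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Header names whose values must never reach a log. The session token
 * entry covers an X-Amz-Security-Token header added by the application. */
static const char *const SENSITIVE[] = {
    "Authorization:", "Proxy-Authorization:", "X-Amz-Security-Token:", NULL
};

/* Case-insensitive: do the first n bytes of s start with prefix? */
static int ci_prefix(const char *s, size_t n, const char *prefix)
{
    size_t pl = strlen(prefix);
    if (n < pl) return 0;
    for (size_t i = 0; i < pl; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Append n bytes to out, keeping room for the terminating NUL. */
static int put(char *out, size_t cap, size_t *o, const char *s, size_t n)
{
    if (*o + n >= cap) return 0;
    memcpy(out + *o, s, n);
    *o += n;
    return 1;
}

/* Copy the header block in (len bytes, LF or CRLF lines, not NUL-terminated,
 * which is how libcurl hands it over) to out, replacing the value of every
 * sensitive header with "[redacted]". Line endings are preserved.
 * Returns bytes written, or -1 if cap is too small. */
int redact_headers(const char *in, size_t len, char *out, size_t cap)
{
    size_t i = 0, o = 0;
    while (i < len) {
        size_t eol = i, n, body;
        int redacted = 0;
        while (eol < len && in[eol] != '\n') eol++;
        n = eol - i;                                           /* line without LF */
        body = (n > 0 && in[i + n - 1] == '\r') ? n - 1 : n;  /* and without CR */
        for (int k = 0; SENSITIVE[k]; k++) {
            if (ci_prefix(in + i, body, SENSITIVE[k])) {
                if (!put(out, cap, &o, in + i, strlen(SENSITIVE[k])) ||
                    !put(out, cap, &o, " [redacted]", 11))
                    return -1;
                redacted = 1;
                break;
            }
        }
        if (!redacted && !put(out, cap, &o, in + i, body))
            return -1;
        /* copy the original CR (if any) and LF (if the line had one) */
        if (!put(out, cap, &o, in + i + body, n - body + (eol < len ? 1 : 0)))
            return -1;
        i = eol + 1;
    }
    out[o] = '\0';
    return (int)o;
}

/* Wrapper for stand-alone use: redact a NUL-terminated block, or NULL. */
const char *redact_or_null(const char *block)
{
    static char buf[4096];
    return redact_headers(block, strlen(block), buf, sizeof buf) < 0 ? NULL : buf;
}

#ifdef WITH_LIBCURL
#include <curl/curl.h>
/* Only CURLINFO_HEADER_OUT carries the request's Authorization header;
 * redact that type and pass the rest through unchanged. Must return 0. */
static int debug_cb(CURL *h, curl_infotype type, char *data, size_t size, void *userp)
{
    char buf[8192];
    (void)h; (void)userp;
    if (type == CURLINFO_HEADER_OUT) {
        int n = redact_headers(data, size, buf, sizeof buf);
        if (n >= 0) fwrite(buf, 1, (size_t)n, stderr);
        else fputs("[request headers too large to redact; suppressed]\n", stderr);
    } else if (type == CURLINFO_TEXT || type == CURLINFO_HEADER_IN) {
        fwrite(data, 1, size, stderr);
    }
    return 0;
}
/* wiring: curl_easy_setopt(h, CURLOPT_DEBUGFUNCTION, debug_cb);
 *         curl_easy_setopt(h, CURLOPT_VERBOSE, 1L); */
#endif

int main(void)
{
    const char *req = "GET /bucket/key HTTP/1.1\r\nHost: s3.amazonaws.com\r\n"
        "X-Amz-Date: 20240101T000000Z\r\n"
        "Authorization: AWS4-HMAC-SHA256 Credential=AKIACONSTRUCTED/20240101/"
        "us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-date, "
        "Signature=0123abcd\r\n\r\n";
    fputs(redact_or_null(req), stdout);
    return 0;
}
```

The callback fails closed: if the header block does not fit the redaction buffer it prints a placeholder rather than the raw headers, since the one outcome to avoid is the unredacted line reaching the log.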
NONE | H1:3357960 | curl: SMTP Command Injection Vulnerabilities in curl | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided

NONE | H1:3346118 | curl: Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided

NONE | H1:3341476 | curl: int overflow in krb5_read_data() leads to (possible) massive `recv()` write | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided

NONE | H1:3344663 | curl: Security Analysis Report: CURL Integer Overflow Vulnerability | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided

NONE | H1:3340109 | curl: Stack Buffer Overflow in cURL Cookie Parsing Leads to RCE | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided

NONE | H1:3337561 | curl: Multiple Unsafe strcpy() Function Calls Leading to Potential Buffer Overflow Vulnerabilities in cURL 8.16.1-DEV | N/A | N/A | (not listed) | HACKERONE

Vulnerability description not provided