Recent Advisories

Severity ID Title Vendor Product Date Type
NONE H1:3484431

curl: HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers_H1:3484431

## Summary: A lack of CRLF validation in `Curl_add_custom_headers` at `lib/http.c:1761` allows users to inject arbitrary HTTP headers. This violat...

N/A N/A HACKERONE
NONE H1:3484506

curl: CRLF Injection in Gopher Protocol (`lib/gopher.c`)_H1:3484506

Control characters slip through during URL handling in curl’s Gopher setup. Though null bytes get blocked by the `REJECT_ZERO` setting, returns and...

N/A N/A HACKERONE
NONE H1:3483225

curl: A quiet New Year wish for security researchers_H1:3483225

Hi **curl Security Team and fellow security researchers**, **Sorry in advance** if this isn’t a traditional security report. I know your time is v...

N/A N/A HACKERONE
NONE H1:3484319

curl: MQTT Protocol Violation & Integer Overflow in libcurl_H1:3484319

## Executive Summary **Vulnerability Type:** CWE-190 **Component:** lib/mqtt.c **Function:** mqtt_decode_len **Affected Architectures:** - **...

N/A N/A HACKERONE
NONE H1:3481849

curl: HTTP/2 and HTTP/3 Header Injection in curl_H1:3481849

VULNERABILITY REPORT: HTTP/2 and HTTP/3 Header Injection in curl ...

N/A N/A HACKERONE
NONE H1:3480713

curl: Proxy-Authorization header is leaked to origin server after redirect from proxied to direct connection_H1:3480713

## Summary curl leaks the Proxy-Authorization header to the origin server after following an HTTP redirect that transitions from a proxied connect...

N/A N/A HACKERONE
NONE H1:3481595

curl: SMTP CRLF Injection & Protocol Desynchronization in libcurl_H1:3481595

## Executive Summary A critical security vulnerability has been identified in `libcurl`'s SMTP protocol handler. The vulnerability allows for **SMT...

N/A N/A HACKERONE
NONE H1:3480712

curl: Telnet Suboption Buffer Pointer Underflow in lib/telnet.c leads to Out-of-Bounds Read_H1:3480712

## Summary A buffer pointer underflow vulnerability exists in curl's telnet protocol handler (`lib/telnet.c`). When processing telnet suboptions i...

N/A N/A HACKERONE
NONE H1:3480641

curl: Cross‑Layer State Confusion in libcurl: Credential & Key‑Material Persistence Across Redirect / Connection Reuse Boundaries_H1:3480641

## Summary: This report describes a state‑level security invariant violation in libcurl where credential‑ or key‑related state may persist or be re...

N/A N/A HACKERONE
NONE H1:3479984

curl: CRLF Injection / Protocol Smuggling in libcurl via CURLOPT_USERNAME (IMAP)_H1:3479984

## Summary: I have discovered a CRLF injection vulnerability in the IMAP protocol implementation of libcurl. The vulnerability exists because the `...

N/A N/A HACKERONE