Recent Advisories

Severity ID Title Vendor Product Date Type
NONE H1:3480039

curl: WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers

Summary: I have discovered a logic flaw in lib/ws.c regarding the handling of WebSocket Control Frames (PING/PONG). According to RFC 6455, Control ...

N/A N/A HACKERONE
NONE H1:3480078

curl: Heap Buffer Over-read in lib/http2.c (on_header) handling PUSH_PROMISE frames

## Summary: I have discovered a Heap Buffer Over-read vulnerability in `lib/http2.c` within the `on_header` callback function. When processing HTTP...

N/A N/A HACKERONE
NONE H1:3479203

curl: HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion

A fundamental design flaw exists in how libcurl handles HTTP/3 (QUIC) response headers across all supported backends (ngtcp2, quiche, openssl-quic)...

N/A N/A HACKERONE
NONE H1:3479019

curl: Security hardening: missing integer overflow check in curl_load_library()

## Summary A missing integer overflow check was identified in `lib/system_win32.c::curl_load_library()` when calculating the buffer size for a DLL ...

N/A N/A HACKERONE
NONE H1:3477023

curl: Protocol Smuggling / CRLF Injection via Gopher Protocol allows Arbitrary Command Injection

Summary: I have discovered that the Gopher protocol implementation in curl fails to properly sanitize newline characters (%0d%0) in the selector pa...

N/A N/A HACKERONE
NONE H1:3475472

curl: Public-suffix cookie injection when libpsl is disabled

Summary: When libcurl is built without libpsl, Domain attribute validation accepts public suffixes like .co.uk, allowing a malicious host to plant ...

N/A N/A HACKERONE
NONE H1:3476928

curl: Integer Overflow in `curl_easy_escape()` may lead to heap buffer overflow and stack memory disclosure on 32-bit platforms

## Disclaimer Both the confirmation, and reporting of this vulnerability used AI assistance. Nonetheless, I manually reviewed all of the reported r...

N/A N/A HACKERONE
NONE H1:3475613

curl: HAProxy Connection Reuse leads to IP Spoofing and mTLS Context Smuggling

## Executive Summary `libcurl` fails to respect the `CURLOPT_HAPROXY_CLIENT_IP` configuration when reusing existing connections. Due to a missing c...

N/A N/A HACKERONE
NONE H1:3474865

curl: libcurl WebSocket handshake accepts any Sec-WebSocket-Accept

Summary: libcurl upgrades to WebSocket without validating Sec-WebSocket-Accept, allowing a spoofed 101 response to complete the handshake and injec...

N/A N/A HACKERONE
NONE H1:3473182

curl: A logic error in detect_proxy caused truncation of environment variable names for long protocol schemes.

In lib/url.c, the detect_proxy function uses a fixed-size buffer, proxy_env[20], to construct proxy environment variable names (e.g., http_proxy). ...

N/A N/A HACKERONE