Crashes with stack traces ending in third party libraries but triggerable through curl #13490

nbars · 2024-04-27T13:02:41Z

nbars
Apr 27, 2024

Hey everyone, I have a quick question related to reporting bugs with possible security implications. I found some crashes (assert & 0 deref), but they manifest in third-party libs (ngtcp2 & nghttp3) but can be triggered through curl.

Should these still be reported via Hacker One or to the respective projects? Since I don't know the actual root cause of these bugs, I'm uncertain which way to go.

Best,
Nils

Answered by jay

Apr 30, 2024

Please report to curl on hacker one so the security team can look into it. Thanks

View full answer

jay · 2024-04-30T02:38:05Z

jay
Apr 30, 2024
Maintainer

Please report to curl on hacker one so the security team can look into it. Thanks

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Crashes with stack traces ending in third party libraries but triggerable through curl #13490

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Crashes with stack traces ending in third party libraries but triggerable through curl #13490

nbars Apr 27, 2024

Replies: 1 comment

jay Apr 30, 2024 Maintainer

nbars
Apr 27, 2024

jay
Apr 30, 2024
Maintainer