On Fri, 7 Mar 2025, 陈星杵 via curl-library wrote:
> regarding CVE-2022-43551[2], you mentioned that earlier versions might not
> be vulnerable because the HSTS feature was not enabled by default and was
> labeled as experimental. So I'm wondering what the significance of doing
> this work is. For that reason, I would like to ask, how do you determine the
> impact range of a vulnerability? Do you rely on dynamic analysis by running a
> Proof-of-Concept (PoC) or static code review?
I believe I am the individual having done this work for just about all past
curl vulnerabilities.
I have never used a tool for this other than git and mostly manual code
inspection. I wouldn't trust a tool to do it right (and I was not even aware
there were tools for this), and for a lot of vulnerabilities we either don't
have an easy reproducible (that works the same across versions) or we run into
problems with building older curl versions etc.
--
/ daniel.haxx.se || https://rock-solid.curl.dev
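To show the git-only approach the reply describes, here is an added example (not code from the curl project or from either mail): it builds a throwaway repository with constructed history and made-up tag names, then reports the first release tag that contains the bug-introducing commit and the first that contains the fix, which together bound the affected range.

```shell
#!/bin/sh
# Added example, not from the curl project or either mail: bound the range of
# tagged releases that carry a bug using only git. A throwaway repository with
# constructed history is built under mktemp -d so this runs offline; the tag
# names are made up for the demo, not real curl releases.
set -eu

# Write $3 into hsts.c in repo $1, commit with message $2, print the new sha.
commit_file() {
  printf '%s\n' "$3" > "$1/hsts.c"
  git -C "$1" add hsts.c
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
      commit -q -m "$2"
  git -C "$1" rev-parse HEAD
}

# Build the constructed history and export DEMO_REPO, BAD_COMMIT, FIX_COMMIT.
# The bug lands before tag v7.76.0 and the fix lands before tag v7.78.0.
build_demo_repo() {
  DEMO_REPO=$(mktemp -d)
  git -C "$DEMO_REPO" init -q
  commit_file "$DEMO_REPO" "initial hsts code" "ok" > /dev/null
  git -C "$DEMO_REPO" tag v7.74.0
  commit_file "$DEMO_REPO" "refactor" "ok2" > /dev/null
  git -C "$DEMO_REPO" tag v7.75.0
  BAD_COMMIT=$(commit_file "$DEMO_REPO" "introduce bug" "bug")
  git -C "$DEMO_REPO" tag v7.76.0
  commit_file "$DEMO_REPO" "unrelated change" "bug2" > /dev/null
  git -C "$DEMO_REPO" tag v7.77.0
  FIX_COMMIT=$(commit_file "$DEMO_REPO" "fix bug" "fixed")
  git -C "$DEMO_REPO" tag v7.78.0
}

# Lowest version-sorted tag in repo $1 whose history contains commit $2.
first_tag_containing() {
  git -C "$1" tag --contains "$2" --sort=version:refname | head -n 1
}

# Print "<first affected tag> <first fixed tag>" for bug $2 and fix $3 in repo $1.
affected_range() {
  printf '%s %s\n' "$(first_tag_containing "$1" "$2")" \
                   "$(first_tag_containing "$1" "$3")"
}

# Stand-alone run: build the repo, then report the bounded range.
build_demo_repo
affected_range "$DEMO_REPO" "$BAD_COMMIT" "$FIX_COMMIT"   # prints "v7.76.0 v7.78.0"
```

Releases from the first tag up to, but not including, the second are the ones that ship the bug; whether a given release actually enables the affected code path (the HSTS question raised above) still needs the manual inspection the reply mentions.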