Undefined Behaviour as usual
Undefined Behaviour as usual
Posted Feb 27, 2024 11:02 UTC (Tue) by JustABug (guest, #169930)In reply to: Undefined Behaviour as usual by mb
Parent article: Stenberg: DISPUTED, not REJECTED
A bug can just be a bug.
It doesn't need to have a CVE entry to be remediated quickly.
It doesn't need to have a CVE entry to be remediated quickly.
Does this UB allow for priviledge escalation? Data expositon? What's the attack vector? User intentionally entering a stupid value?
If the user can run curl they can run rm -rf
What's the output? Program crash? Exploitable unintended behaviour? What's an abuse scenario?
The researcher filing the CVE needs to demonstrate their CVE isn't a nothing burger.
The only advantage I can think of for filing a CVE for every UB is ensuring the fix is backported. Using BS CVEs as a tool to get things backported is an abuse of the system to address the problem of selective backporting.