hanno on Nostr: I wanted to disclose this eventually, but then a new version of that library came out ...
I wanted to disclose this eventually, but then a new version of that library came out and fixed the bug. And plenty of others, and well, people crash parsers for data formats from hell all the time. And I had some concerns that it would sound like I wanted to ridicule the dev, which wasn't my intention at all. But I already thought there's a deeper story here than someone accidentally leaking a PoC for an unfixed vuln. Why can this even happen?
Published at
2024-03-29 21:19:41