Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Videos Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users IRC / chat Mailing lists Everything curl [book] Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl Tests Overview
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Regarding service request 1513650 (fwd)

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 29 Aug 2023 23:19:56 +0200 (CEST)

I asked MITRE for CVE-2020-19909 to be rejected. Denied. 

-- 
  / daniel.haxx.se
---------- Forwarded message ----------
Date: Tue, 29 Aug 2023 17:10:47
From: CVE Request <CVE-Request_at_mitre.org>
To: "daniel_at_haxx.se" <daniel_at_haxx.se>
Subject: Regarding service request 1513650
Hello,
Regarding your CVE service request, logged on 2023-08-28T11:09:47, we have the following question or update:
After review there are multiple perspectives on whether the issue information is helpful to consumers of the CVE List, our current preference is in the direction of keeping the CVE ID assignment. There is a valid weakness (integer overflow) that can lead to a valid security impact (denial of service, based on retrying network traffic much more often than is documented/requested). The record has been flagged as DISPUTED and the views have been recorded as a NOTE in the record as well. This request will now be closed.
Please do not hesitate to contact the CVE Team by replying to this email if you have any questions, or to provide more details.
Please do not change the subject line, which allows us to effectively track your request.
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html]
{CMI: MCID14239336}
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2023-08-29