17. February 2023 | CW7

cURL Audit: How a Joke Led to Significant Findings

While discussing the threat model of the cURL application, one of TrailOfBits team members jokingly asked, “Have we tried curl AAAAAAAAAA… yet”? Although the comment was made in jest, it sparked an idea: we should fuzz cURL’s command-line interface (CLI). This blog post describes how the security researchers found 5 critical vulnerabilities, through this one joke: Learn more.

From: Maciej Domanski

In Other News

Phylum Discovers Revived Crypto Wallet Address Replacement Attack
Phylum discovers over 451 unique malicious packages targeting popular PyPI packages like Selenium.. Learn more.
From:The Phylium Research Team

This Week's Discussion

What's the Difference Between Invariant and fuzz testing?
From: Patrick Collins

New Tutorial

boofuzz Network Protocol Fuzzing for Humans
From: Pentester Club

Fuzzing Jobs

Developer Community Manager
Code Intelligence, Bonn, Germany

Software Engineer Test Engineering Services
Vector, Pune, India

Code Intelligence, Rheinwerkallee 6,
Bonn, NRW 53227, +49 228 28695830

Unsubscribe Manage preferences

Fuzzing Weekly

Your weekly updates on fuzz testing

Imprint
Privacy Policy