It's a typo, even if they don't sell it why report it to curl? for clout? You can still exploit it against real world apps. Who would they sell it to? I would sell it to zerodium instead of report to curl personally.
How much time do people spend finding bugs, is their time not worth anything because some other random people decide to use AI?
Curl is high-visibility, there are people. and it doesn't take a lot of competency to triage. Heck, I like to think I have a good handle at C and memory exploitation, I will volunteer my time for free if they need help.
How much time do people spend finding bugs, is their time not worth anything because some other random people decide to use AI?
Curl is high-visibility, there are people. and it doesn't take a lot of competency to triage. Heck, I like to think I have a good handle at C and memory exploitation, I will volunteer my time for free if they need help.