On 5/30/24 12:53 AM, B_M wrote:
Hello, I have discovered a severe heap overflow vulnerability in Bash, which exists in both the latest and older versions. Attackers can craft payloads to elevate privileges or execute malicious code. Should I directly submit it to the CVE website, or should I send it to you? If I send it to you, can I still obtain a CVE identifier?
Send it to me -- directly if you like -- so we can see if you've got
something.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU [email protected] http://tiswww.cwru.edu/~chet/
OpenPGP_signature.asc
Description: OpenPGP digital signature
