On 07/01/2021 13:47, Jeffrey Walton via curl-library wrote:
> All memory leaks can lead to resource exhaustion on platforms that use
> managed languages due to the process lifecycle model.
>
> The managed languages load and unload a shared object multiple times
> throughout the lifetime of the process.
>
> I guess that means, if cURL can run on a managed platform, then the
> potential for resource exhaustion exists, and the memory leak is CVE
> worthy.

Can't say I'm really seeing the relevance of managed platforms. Leaks can have impact anywhere. You don't need to be fooling a garbage collector to get a memory leak.

So just saying any leak is CVE worthy because you can run cURL on a managed platform is the same as saying any leak is CVE worthy always. Which it isn't.

Cheers