## Summary: (Note: AI created the PoC, not the report.) In the `krb5_read_data()` function [here](https://github.com/curl/curl/blob/af7d67d3c03329116e593d999851d2cc3ebbf119/lib/krb5.c#L526-L551),... | HackerOne
We are dropping support for this feature in curl 8.17.0. Kerberos5 FTP to be exact. The last Kerberos support we had for FTP. Badness: On September 16, 2025 we received a security report that accurately identified a possible stack based buffer overflow in the Kerberos FTP code that could allow a malicious FTP server cause … | Bye bye Kerberos FTP, daniel.haxx.se
I have previously blogged about the relatively new trend of AI slop in vulnerability reports submitted to curl and how it hurts and exhausts us. This trend does not seem to slow down. On the contrary, it seems that we have recently not only received more AI slop but also more human slop. The latter … | Death by a thousand slops, daniel.haxx.se