curl disclosed on HackerOne: Buffer Overflow Risk in Curl_inet_ntop...
hackerone.com
*Curl is a software that I love and is an important tool for the world. * *If my report doesn't align, I apologize for that.* The `Curl_inet_ntop` function is designed to convert IP addresses from binary format to human-readable string format, supporting both IPv4 and IPv6. It internally delegates to `inet_ntop4` for IPv4 addresses and `inet_ntop6` for IPv6 addresses. However, insufficient...

Now, with the help of AI, it’s even easier to waste time of open source developers by creating fake security vulnerability reports.

  • cynar@lemmy.worldEnglish
    3·
    3 days ago

    Unfortunately, the methods of detecting AI generated text and training AI text generaters is basically identical. Any reliable method of detecting AI can therefore be used to improve its performance.

    You can, at least, detect low grade attempts to use it. The default output has distinctive patterns. These can be detected. The problem is 2 fold. Firstly, some people write in the same way (the LLM is copying the amalgam, and they write close to that). Secondly, it’s fairly trivial to ask the LLM to change its writing style.

    No matter your method, you need to accept a high rate of both false positives and negatives.