-
m-relay<rbrunner7:monero.social> Maybe I am dumb. HackerOne says "This report has been disclosed." but I don't see any details, can't seem to read anything from the conversation, hardly know anything more now than what this was about, on a conceptual level. Is this already "disclosure"? Is there a second level of "disclosure" with more details?
-
sech1monero-project/monero #9765 was the PR that fixed that vulnerability
-
sech1TLDR it was possible to make monerod allocate too much RAM while serving many RPC requests in parallel
-
selstarbrunner7: it's a limited disclosure, the issue submitter requested it this way
-
m-relay<ofrnxmr:xmr.mx> sech1 thats a different one
-
m-relay<syntheticbird:monero.social> At my understand of it, no, there is no second level of disclosure provided by H1.
-
m-relay<syntheticbird:monero.social> also yeah ofrnxmr is right. sech1 this is a different vulnerability
-
m-relay<syntheticbird:monero.social> i hope whoever find this one in particular will disclose it in details
7 hours ago