diff options
| author | Xe Iaso <me@xeiaso.net> | 2024-06-27 14:13:07 -0400 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-06-27 14:13:07 -0400 |
| commit | ff285ce77ba0c5fdad10d74831d9ff73c95aed6d (patch) | |
| tree | a63e7c7ec041d6429ce8f26501fe96895d9aa188 /lume/src/shitposts | |
| parent | ef3d8ccd0419838d8b8e30ea72586f03b5dbbb5a (diff) | |
| download | xesite-ff285ce77ba0c5fdad10d74831d9ff73c95aed6d.tar.xz xesite-ff285ce77ba0c5fdad10d74831d9ff73c95aed6d.zip | |
CVE-2024-5535
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'lume/src/shitposts')
| -rw-r--r-- | lume/src/shitposts/no-way-to-prevent-this/CVE-2024-5535.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lume/src/shitposts/no-way-to-prevent-this/CVE-2024-5535.md b/lume/src/shitposts/no-way-to-prevent-this/CVE-2024-5535.md new file mode 100644 index 0000000..03db46e --- /dev/null +++ b/lume/src/shitposts/no-way-to-prevent-this/CVE-2024-5535.md @@ -0,0 +1,20 @@ +--- +title: '"No way to prevent this" say users of only language where this regularly happens' +date: 2024-06-27 +series: "no-way-to-prevent-this" +type: blog +hero: + ai: "Photo by Andrea Piacquadio, source: Pexels" + file: sad-business-man + prompt: A forlorn business man resting his head on a brown wall next to a window. +--- + +In the hours following the release of [CVE-2024-5535](https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html) for the project [OpenSSL](https://openssl.org/), site reliability workers +and systems administrators scrambled to desperately rebuild and patch all their systems to fix NPN (the precursor to ALPN) in OpenSSL 1.0.x, 1.1.x, and 3.x leaking 255 bytes of client heap to the server with every write. This is due to the affected components being +written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes +these things just happen and there's nothing anyone can do to stop them," said programmer Ms. Carrie Kuhn, echoing statements +expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have +occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can +we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to +write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities +regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless." |