HackerOne Bug Bounty Disclosure: openssl-backend-x-peer-certificate-not-freed-in-ossl-get-channel-binding-causes-per-request-memory-leak-dos-risk-for-long-lived-clients-giant-anteater

October 8, 2025

Company Name:
curl

Company HackerOne URL:
https://hackerone.com/curl

Submitted By:
giant_anteater

Link to Submitters Profile:
https://hackerone.com/giant_anteater

Report Title:
OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)

Report Link:
https://hackerone.com/reports/3373640

Date Submitted:
08 October 2025

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags:

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: openssl-backend-x-peer-certificate-not-freed-in-ossl-get-channel-binding-causes-per-request-memory-leak-dos-risk-for-long-lived-clients-giant-anteater

October 8, 2025
hackerone

HackerOne Bug Bounty Disclosure: pending-invites-remain-valid-even-after-the-inviter-is-removed-mantu

October 8, 2025
hackerone

HackerOne Bug Bounty Disclosure: dns-rebinding-ssrf-in-burp-suite-mcp-server-enables-internal-network-access-via-send-hxxp-request-tool-farmer

October 8, 2025
image

[DRAGONFORCE] – Ransomware Victim: Cofiex Asesoría de Empresas, S[.]L

October 8, 2025
image

[DRAGONFORCE] – Ransomware Victim: Allgäu Stern Hotel

October 8, 2025