A record-setting security flaw in curl, identified as CVE-2024-11053, was introduced nearly 25 years ago. Despite rigorous testing and continuous integration efforts, security vulnerabilities persist in the code. The median age for fixing security issues in curl is over seven years. Many of these problems stem from the use of C, though the oldest bug was a logic error unrelated to the programming language. Ensuring software security remains a challenging and ongoing endeavor.
Sort: