Subscribe

Bogus security reports plague open-source projects

There has been a number of bogus security reports filed against popular open-source software projects. These reports have claimed to find critical vulnerabilities in software like cURL and PostgreSQL, but upon closer inspection, they have all turned out to be false.

The reports appear to have been filed by automated tools that scan commit messages for keywords like “buffer overflow” and “denial of service.” These tools then automatically generate CVEs (Common Vulnerabilities and Exposures) without actually verifying whether the vulnerabilities exist.

It was alleged that PostgreSQL 12.2 was susceptible to a denial of service attack through repeated SIGHUP signals. It was tagged
CVE-2020-21469, with a CVSS score of 9.8. However, a closer examination revealed that ordinary users lack the ability to send SIGHUP signals or terminate PostgreSQL processes. This “flaw” could be leveraged by a superuser or a user with specific privileges, making it a non-issue for the vast majority.

The result is a flood of junk CVEs that are wasting the time of security teams and open-source maintainers. In some cases, these reports have even caused unnecessary panic and confusion.

The sources for this piece include an article in OpenSourceWatch.

Top Stories

Toyota confirms leak of 240GB of sensitive data in recent hack

Former Google CEO Eric Schmidt makes controversial comments

Study finds 94% of spreadsheets have critical errrors

Study says 94% of spreadsheets contain critical errors

Elon Musk claims DDoS attack caused issues in live-streamed interview with Trump – experts are skeptical

Google anti-trust ruling a financial disaster for Firefox

Related Articles

Cloudflare Launches Open Source Tool for Secure, Keyless SSH Authentication

March 30, 2025 Cloudflare has released an open-source tool called OPKSSH (OpenPubkey SSH), which allows developers and IT teams to use more...

Charities Consider Linux as Windows 11 Hardware Requirements Pose Challenges

March 16, 2025 Windows 10 will cease receiving security updates after October 2025, and this means charities and non-profit organizations face more...

Mozilla sued for discrimination and retaliation by Chief Product Officer Steve Teixeira

June 25, 2024 Mozilla Corporation, along with three of its executives, is facing a lawsuit in the US for alleged disability more...

A new open source AI rivals Llama 2

June 3, 2024 LLM360, in collaboration with MBZUAI and Petuum, has unveiled K2-65B, a cutting-edge large language model (LLM) boasting 65 more...

Jim Love

Jim Is and author and pud cast host with over 40 years in technology.

Share:
X/Twitter
Linkedin
Blue Sky
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.