Hacker News

uhx, yesterday at 5:10 PM

> Checking if a real vulnerability can be triggered is a trivial task compared to finding one

Have you ever tried to write a PoC for any CVE?

This statement is wrong. Sometimes a bug may exist but be impossible to trigger/exploit. So it is not trivial at all.


Replies

avemg, yesterday at 6:36 PM

I'm tickled at the idea of asking antirez [1] if he's ever written a PoC for a CVE.

[1] https://en.wikipedia.org/wiki/Salvatore_Sanfilippo

antirez, yesterday at 5:37 PM

Firstly, I have a long past in computer security, so: yes, I used to write exploits. Second, vulnerability verification does not require being able to exploit the bug, only triggering an ASAN assert. With memory corruption that's often very simple, and enough to verify the bug is real.
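The verification step described in the comment above, as an added example that is not part of the thread or any commenter's code: a small Python triage helper that runs a PoC input against an AddressSanitizer-instrumented build and parses the sanitizer report to decide whether the bug reproduced, without any exploitation. The binary path, the sample ASAN report and the source locations in it are constructed values; the `ASAN_OPTIONS` flags used are real runtime options.

```python
"""Triage: does a PoC input trigger a sanitizer report in an ASAN build?

Reproducing a memory-corruption bug does not need a working exploit. If an
instrumented build aborts with an AddressSanitizer report on the PoC input,
the bug is confirmed. This helper runs the binary on the input and reduces
the report to the few fields a triager records (added example, not from
the thread).
"""
import os
import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# Pieces of an AddressSanitizer report worth extracting.
ASAN_HEADER = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[A-Za-z0-9_-]+)")
ASAN_ACCESS = re.compile(r"(?P<rw>READ|WRITE) of size (?P<size>\d+)")
# Innermost stack frame: "#0 0x... in <func> <file:line:col>"
ASAN_FRAME = re.compile(
    r"^\s*#0\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>\S+)\s+(?P<loc>\S+)", re.M
)


@dataclass
class Verdict:
    status: str                      # "reproduced", "clean", "crashed", "timeout"
    kind: Optional[str] = None       # e.g. "heap-buffer-overflow"
    access: Optional[str] = None     # "READ" or "WRITE"
    size: Optional[int] = None       # bytes accessed in the bad access
    top_frame: Optional[str] = None  # "<func> <file:line:col>" of frame #0
    exit_code: Optional[int] = None


def parse_asan_report(stderr: str, exit_code: Optional[int] = None) -> Verdict:
    """Turn the stderr of a sanitizer build into a triage verdict."""
    header = ASAN_HEADER.search(stderr)
    if header is None:
        # No sanitizer report: benign input, or the process died for another
        # reason (assert(), signal in uninstrumented code, ...). Either way the
        # memory bug is not confirmed by this run.
        return Verdict(status="clean" if exit_code == 0 else "crashed",
                       exit_code=exit_code)
    access = ASAN_ACCESS.search(stderr)
    frame = ASAN_FRAME.search(stderr)
    return Verdict(
        status="reproduced",
        kind=header.group("kind"),
        access=access.group("rw") if access else None,
        size=int(access.group("size")) if access else None,
        top_frame=f"{frame.group('func')} {frame.group('loc')}" if frame else None,
        exit_code=exit_code,
    )


def run_poc(binary: str, poc_path: str, timeout: float = 10.0) -> Verdict:
    """Run an ASAN-instrumented binary on a PoC file and classify the outcome."""
    env = {
        **os.environ,
        # Stop at the first report; leak reports are noise for this check.
        "ASAN_OPTIONS": "halt_on_error=1:detect_leaks=0",
    }
    try:
        proc = subprocess.run([binary, poc_path], capture_output=True,
                              text=True, timeout=timeout, env=env)
    except subprocess.TimeoutExpired:
        return Verdict(status="timeout")
    return parse_asan_report(proc.stderr, proc.returncode)


# Constructed sample report, shaped like real ASAN output; addresses and
# paths are made up for the example.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x55d1c1a2b3c4 bp 0x7ffd00000010 sp 0x7ffd00000008
WRITE of size 1 at 0x602000000018 thread T0
    #0 0x55d1c1a2b3c4 in parse_header /src/parser.c:42:9
    #1 0x55d1c1a2b9f0 in main /src/main.c:17:5
    #2 0x7f3b1c029d8f in __libc_start_call_main (libc.so.6+0x29d8f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/parser.c:42:9 in parse_header
"""

if __name__ == "__main__":
    # Offline demonstration on the constructed report (exit code 1 is ASAN's default).
    print(parse_asan_report(SAMPLE_REPORT, 1))
    # Against a real build: print(run_poc("./target_asan", "poc.bin"))
```

The verdict distinguishes a sanitizer-confirmed reproduction from a plain crash (which may be an `assert()` or a bug in uninstrumented code) and from a clean run, which is the distinction that matters when deciding whether a reported bug is real.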

freedomben, yesterday at 5:18 PM

I'm not GP, but I've written multiple PoCs for vulns. I agree with GP. Finding a vuln is often very hard. Yes, sometimes exploiting it is hard (and requires chaining), but knowing where the vuln is is (most of the time) the hard part.

e12e, yesterday at 6:26 PM

Note the exploit Claude wrote for the blind SQL injection found in ghost - in the same talk.

https://youtu.be/1sd26pWhfmg?is=XLJX9gg0Zm1BKl_5

orochimaaru, yesterday at 7:18 PM

Oh no. Antirez doesn't know anything about C, CVEs, networking, the Linux kernel. Wonder where that leaves most of us.