Report Ignored by HackerOne Still Works
Looping Page Causes Potential Buffer Overflow
dbms submitted a report to HackerOne.
January 2, 2024, 3pm UTC
Summary:
The manipulated URL parameters on HackerOne’s platform cause a perpetual looping page, potentially leading to a buffer overflow.
Description:
By modifying the URL parameters (program_states and limit) to excessively high values (e.g., 9999), the webpage enters an infinite loop, continuously refreshing without termination. This behavior may strain system resources and could potentially induce a buffer overflow, posing a security risk.
Steps To Reproduce
Access the following URL: https://hackerone.com/bugs?subject=user&report_id=9999&view=open&substates%5B%5D=new&substates%5B%5D=needs-more-info&substates%5B%5D=pending-program-review&substates%5B%5D=triaged&substates%5B%5D=pre-submission&substates%5B%5D=retesting&reported_to_team=&text_query=&program_states%5B%5D=2&program_states%5B%5D=3&program_states%5B%5D=4&program_states%5B%5D=9999&sort_type=latest_activity&sort_direction=descending&limit=9999&page=9999
Observe the incessant refresh cycle, indicating an ongoing loop without halting.
Impact
This issue could potentially lead to:
System Instability: Persistent looping may overload system resources, leading to instability and unresponsiveness.
Buffer Overflow Risk: Continuous looping might create conditions for a buffer overflow, posing a security threat.
Optional: Your Environment
Browser version, Device, etc.
1 attachment:
F2954294: Proof-of-Concept-Buffer-OverFlow.webm
h1_analyst_pranav
posted a comment.
January 3, 2024, 10:06am UTC
Hi @dbms,
Thank you for your submission. I hope you are well. Your report is currently being reviewed and the HackerOne triage team will get back to you once there is additional information to share.
Have a great day!
Kind regards,
@h1_analyst_pranav
h1_analyst_pranav
closed the report and changed the status to Informative.
January 3, 2024, 10:06am UTC
Hey @dbms,
Thank you for your report!
After review, there doesn’t seem to be any significant security risk and/or security impact as a result of the behavior you are describing.
This doesn’t have any practical security impact. Also, this doesn’t directly impact other users.
As a result, we will be closing this report as informative. If you are able to leverage this into a practical exploitation scenario, we will be happy to reevaluate this report.
This will not have any impact on your Signal or Reputation score. We appreciate your effort and look forward to seeing more reports from you in the future.
Kind regards,
@h1_analyst_pranav
dbms
posted a comment.
January 3, 2024, 2:08pm UTC
Please elaborate further on this.