Comment on OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011
qprimed@lemmy.ml 4 months ago
SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet
ok, if that article tagline does not grab your attention, youre dead inside.
tl;dr
- current exploit unlikely, but historical exploits possible.
- roll aging secrets and be cautious about the integrity of older session data.