
OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011

8 likes

Submitted 11 months ago by bot@lemmy.smeargle.fans [bot] to hackernews@lemmy.smeargle.fans

https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html


Comments

  • qprimed@lemmy.ml 11 months ago

    `SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

    ok, if that article tagline does not grab your attention, you're dead inside.

    tl;dr

    • current exploit unlikely, but historical exploits possible.
    • roll aging secrets and be cautious about the integrity of older session data.