Please sign in to comment.
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <firstname.lastname@example.org> and Bodo Moeller <email@example.com> for preparing the fix (CVE-2014-0160) (cherry picked from commit 96db902)
- Loading branch information...
Showing with 36 additions and 13 deletions.