Please sign in to comment.
Add heartbeat extension bounds check.
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <email@example.com> and Bodo Moeller <firstname.lastname@example.org> for preparing the fix (CVE-2014-0160)
- Loading branch information
Showing with 36 additions and 13 deletions.