Denial of Service in latest version [1.2.3] #52
Please confirm if it is vulnerable.
New format does not allocate any memory until HMAC check passes, which guards against untrusted input. All encryption components have been updated to use the new header, while preserving backward compatibility to decrypt messages encrypted with the old format. The decoding process for the old header has been hardened to impose reasonable limits on header fields: nonce sizes up to 255 bytes, key names up to 500 bytes. Fixes vt-middleware#52.
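The old-header hardening described in the commit message above, as an added example that is not the project's code: it assumes a hypothetical layout of big-endian int32 length prefixes (total header length, nonce length, key name length), and the names `decode_header`, `encode_header` and `HeaderError` are illustrative. Only the 255-byte and 500-byte limits come from the page.

```python
import struct

MAX_NONCE_LEN = 255    # limit from the commit message
MAX_KEYNAME_LEN = 500  # limit from the commit message
# Largest header the assumed layout allows: three int32 fields plus both maxima.
MAX_HEADER_LEN = 12 + MAX_NONCE_LEN + MAX_KEYNAME_LEN


class HeaderError(ValueError):
    """Header is truncated, inconsistent, or declares an oversized field."""


def _read_field(buf, offset, limit, name):
    """Read an int32 length and that many bytes, validating before copying."""
    if offset + 4 > len(buf):
        raise HeaderError(f"truncated before {name} length")
    (length,) = struct.unpack_from(">i", buf, offset)
    offset += 4
    # Check the attacker-controlled length before any buffer is sized from it.
    if length < 0 or length > limit:
        raise HeaderError(f"{name} length {length} outside 0..{limit}")
    if offset + length > len(buf):
        raise HeaderError(f"{name} length {length} exceeds remaining header")
    return bytes(buf[offset:offset + length]), offset + length


def decode_header(buf):
    """Assumed layout: int32 total | int32 nonce_len | nonce | int32 name_len | name."""
    if len(buf) < 4:
        raise HeaderError("truncated before header length")
    (total,) = struct.unpack_from(">i", buf, 0)
    if total < 12 or total > MAX_HEADER_LEN or total > len(buf):
        raise HeaderError(f"header length {total} invalid")
    header = memoryview(buf)[:total]  # fields may not reach into the ciphertext
    nonce, offset = _read_field(header, 4, MAX_NONCE_LEN, "nonce")
    key_name, offset = _read_field(header, offset, MAX_KEYNAME_LEN, "key name")
    if offset != total:
        raise HeaderError("declared header length does not match its fields")
    return nonce, key_name.decode("utf-8")


def encode_header(nonce, key_name):
    """Build a header in the same assumed layout, for constructing test input."""
    name = key_name.encode("utf-8")
    body = struct.pack(">i", len(nonce)) + nonce + struct.pack(">i", len(name)) + name
    return struct.pack(">i", 4 + len(body)) + body


if __name__ == "__main__":
    print(decode_header(encode_header(bytes(12), "constructed-key") + b"ciphertext"))
```

A 12-byte input that declares a 2 GiB nonce is rejected by the range check, so the declared length never reaches an allocation.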