Skip to content
  • Dr. Stephen Henson's avatar
    Add heartbeat extension bounds check. · 731f4314
    Dr. Stephen Henson authored
    A missing bounds check in the handling of the TLS heartbeat extension
    can be used to reveal up to 64k of memory to a connected client or
    server.
    
    Thanks for Neel Mehta of Google Security for discovering this bug and to
    Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
    preparing the fix (CVE-2014-0160)
    (cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
    731f4314
To find the state of this project's repository at the time of any of these versions, check out the tags.