CHANGES · 9330a85e0499f10752434c451977d65d80d8de19 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL · GitLab

Apr 06, 2014

Add heartbeat extension bounds check. · 731f4314

Dr. Stephen Henson authored Apr 06, 2014

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023)

731f4314

Add heartbeat extension bounds check.

Dr. Stephen Henson authored Apr 06, 2014

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023)

To find the state of this project's repository at the time of any of these versions, check out the tags.