this post was submitted on 30 Jul 2024
9 points (100.0% liked)

Hacker News

2171 readers
1 users here now

A mirror of Hacker News' best submissions.

founded 2 years ago
MODERATORS
bot@lemmy.smeargle.fans
9
OpenSSL bug exposed up to 255 bytes of server heap and existed since 2011 (jbp.io)
submitted 1 year ago by bot@lemmy.smeargle.fans to c/hackernews@lemmy.smeargle.fans
1 comments fedilink hide all child comments
 

HN Discussion

top 1 comments
sorted by: hot top controversial new old
[–] qprimed@lemmy.ml 5 points 1 year ago

SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

ok, if that article tagline does not grab your attention, youre dead inside.

tl;dr

  • current exploit unlikely, but historical exploits possible.
  • roll aging secrets and be cautious about the integrity of older session data.