Remote client memory corruption in ssl_add_clienthello_tlsext()

Disclosed: 2016-12-30 13:16:26 By guido To ibb
Vulnerability Details
https://guidovranken.wordpress.com/2016/10/13/openssl-1-1-0-remote-client-memory-corruption-in-ssl_add_clienthello_tlsext/

OpenSSL is not treating this as a security vulnerability because 1) session tickets need to be enabled, 2) certificate status must be requested from the server, and 3) an unrealistically large ALPN list must be set. Reporting this for reputation points.
Report Stats
  • Report ID: 175766
  • State: Closed
  • Substate: resolved
  • Upvotes: 6