"Since 2011, a bug has existed in OpenSSL that... Silently sends up to 255 bytes of the client’s heap to the server."
https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html
Affects older versions of Node, Python and Android.
Meeting the necessary "constraints is quite unlikely nowadays"
#security #openssl #python #node #android
dethos / Gonçalo Valério
npub1c8…lvmv9
2024-07-30 18:34:50
Author Public Key
npub1c86s34sfthe0yx4dp2sevkz2njm5lqz0arscrkhjqhkdexn5kuqqtlvmv9Published at
2024-07-30 18:34:50Event JSON
{
"id": "94ecf7b457d6787c8ba4fb148ed609de6f2568adce0eacb4cd385971c2e2a788",
"pubkey": "c1f508d6095df2f21aad0aa196584a9cb74f804fe8e181daf205ecdc9a74b700",
"created_at": 1722364490,
"kind": 1,
"tags": [
[
"t",
"security"
],
[
"t",
"openssl"
],
[
"t",
"python"
],
[
"t",
"node"
],
[
"t",
"android"
]
],
"content": "\"Since 2011, a bug has existed in OpenSSL that... Silently sends up to 255 bytes of the client’s heap to the server.\"\n\nhttps://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html\n\nAffects older versions of Node, Python and Android.\n\nMeeting the necessary \"constraints is quite unlikely nowadays\"\n\n#security #openssl #python #node #android",
"sig": "91614dfc1d181ad73c1dd145106c8de8f93bbaf6a679874ce19883cbc29c2362ac05c41c148eb370dccc2aae5f37f92f617c6687b6fcec30e7d9ac6220a77106"
}