A group of hackers claims to have identified a new vulnerability in the latest version of OpenSSL. They say theyve found a security hole thats similar to the now infamous Heartbleed bug in OpenSSL 1.0.1g, but experts are questioning their claims.
We have just found an vulnerability in the patched version OpenSSL. A missing bounds check in the handling of the variable DOPENSSL_NO_HEARTBEATS. We could successfully Overflow the DOPENSSL_NO_HEARTBEATS and retrieve 64kb …
Comments are closed.
