Full Disclosure mailing list archives

heartbleed OpenSSL bug CVE-2014-0160

From: Kirils Solovjovs <kirils.solovjovs () kirils com>
Date: Tue, 08 Apr 2014 03:10:06 +0300

We are doomed.

Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or server.

1.0.1[ abcdef] affected.


P.S. Happy Monday!

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

heartbleed OpenSSL bug CVE-2014-0160 Kirils Solovjovs (Apr 07)
- Re: heartbleed OpenSSL bug CVE-2014-0160 Andrew Case (Apr 07)
- Re: heartbleed OpenSSL bug CVE-2014-0160 David H (Apr 08)
  - Re: heartbleed OpenSSL bug CVE-2014-0160 Joerg Mertin (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Jann Horn (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Francesc Guitart (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Javier Reoyo (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Carlos P (Apr 10)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 David H (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Matthew Musingo (Apr 08)
    - Re: heartbleed OpenSSL bug CVE-2014-0160 Craig Holmes (Apr 09)

(Thread continues...)