[Ach] GnuTLS Buffer-overflow in ServerHello SessionID parsing

Aaron Zauner azet at azet.org
Sun Jun 1 23:12:44 CEST 2014

Previous message: [Ach] GnuTLS Buffer-overflow in ServerHello SessionID parsing
Next message: [Ach] next meeting in Vienna tomorrow, Tue 18:00 CET
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ohai,

On 06/01/2014 03:57 PM, Aaron Zauner wrote:
> :/
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1101932

This seems to work, wrote a short PoC:
https://github.com/azet/CVE-2014-3466_PoC

There's a pretty good analysis of the bug:
http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/

Aaron

Previous message: [Ach] GnuTLS Buffer-overflow in ServerHello SessionID parsing
Next message: [Ach] next meeting in Vienna tomorrow, Tue 18:00 CET
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Ach mailing list