Actions
Bug #3853
closedMulti-byte Heap buffer over-read in ssl parser
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport, Needs backport to 4.1, Needs backport to 5.0
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24534
Problem is reuse of session_id_length
in different contexts : SSLv2 and TLSv1.3
Actions