OpenSSL pushes trio of DoS-busting patches

OpenSSL's released patches for a trio of denial-of-service bugs. The first (CVE-2017-3731), turned up by Google's Robert Święcki, only affects SSL/TLS servers running on 32-bit hosts. Depending on the cipher the host is using, a truncated packet crashes the system by triggering an out-of-bounds read. It's version-specific: …

  1. asdf

    good news I guess

    Considering just a few years ago OpenSSL was the mother of all hairballs, I guess it's somewhat comforting that the fixes now are largely for DoS stuff as opposed to sending your private keys in plaintext to Russia stuff. The threat of the LibreSSL fork taking over really lit a fire under their ass.

    Edit: forgot about this >“The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers”,

    Beware the monster with 5 eyes.
