Heap Buffer Overflow


A High-Severity Heap Buffer Overflow vulnerability was recently fixed in a patch  by Openssl Project.  This vulnerability affects the remote SSL servers that support the ChaCha20-Poly1305 cipher suite, and can be exploited to crash the SSL service. This High-Severity Heap Buffer Overflow vulnerability (CVE-2016-7054) is caused by an error when the ChaCha20-Poly1305 cipher suite is decrypting large amounts of application data. We will examine the root cause of this vulnerability in this post. The ChaCha20-Poly1305 cipher suite is... [Read More]
by RSS Dehui Yin  |  Nov 23, 2016  |  Filed in: Security Research