• qprimed
    link
    fedilink
    arrow-up
    5
    ·
    5 个月前

    SSL_select_next_proto` buffer overread celebrating a decade of publishing your heap over the internet

    ok, if that article tagline does not grab your attention, youre dead inside.

    tl;dr

    • current exploit unlikely, but historical exploits possible.
    • roll aging secrets and be cautious about the integrity of older session data.