![]() ![]() ![]() The federal Canadian Cyber Incident Response Centre issued a security bulletin advising system administrators about the bug. Heartbleed was registered in the Common Vulnerabilities and Exposures database as CVE- 2014-0160. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed. Thus, the bug's name derived from heartbeat. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. ![]() It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. Riku, Antti, and Matti ( Codenomicon). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |