SSL/TLS heartbeat read overrun aka 64kb memory leak (CVE-2014-0160)

OpenSSL released a bug advisory about a 64kb memory leak patch [1] in their library. The bug has been assigned CVE-2014-0160 SSL/TLS heartbeat read overrun (Technical: 64kb memory leak). According to http://www.openssl.org/news/openssl-1.0.1-notes.html the heartbeat extension was introduced in March 2012 with the release of version 1.0.1 of OpenSSL. This implies…

*** This is a Security Bloggers Network syndicated blog from Alert Logic – Blogs Feed authored by n Stephen Cotyn. Read the original post at: https://blog.alertlogic.com/blog/ssl/tls-heartbeat-read-overrun-aka-64kb-memory-leak-(cve-2014-0160)/