Parse HelloVerifyRequest buffer overread: add changelog entry

2024-11-22 10:55:38 +01:00 · 2019-09-27 14:07:00 +02:00 · 2019-09-27 14:07:00 +02:00 · afbcf97c20
commit afbcf97c20
parent d5c4a7cc11
1 changed files with 2 additions and 0 deletions
--- a/2
+++ b/2
@ -20,6 +20,8 @@ Security
     timings on the comparison in the key generation enabled the attacker to
     learn leading bits of the ephemeral key used during ECDSA signatures and to
     recover the private key. Reported by Jeremy Dubeuf.
+   * Fix a potentially remotely exploitable buffer overread in a
+     DTLS client when parsing the Hello Verify Request message.

 Bugfix
   * Remove redundant line for getting the bitlen of a bignum, since the variable