Thijs Alkemade
Thijs Alkemade
Sorry, I meant leaking as in "revealing to random people on the internet", not leaking as the usual meaning of leaving inaccessible data in memory. That workaround might work, but...
A CVE id has been assigned for this issue: CVE-2015-2058. The out-of-bounds reading by libidn has been assigned a different id, CVE-2015-2059.
The underlying problem appears to be that strophe.js fails to base64-encode non-ASCII UTF8: https://github.com/strophe/strophejs/pull/136 https://github.com/strophe/strophejs/issues/147
I think I’ve been having the same issue. I have Microsoft Defender installed as a second content filter and I see SSH connections getting corrupted quite often. Even connections to...
I just had a closer look to determine if the firmware for all targets has stack canaries enabled. I found that for 2.3.10.d19607b Beta all ARM based boards do not...
I've looked over the changes and I think this correctly fixes the vulnerability. Thank you for addressing it! The only thing that looks a bit odd to me is the...
> this adds a 16 bytes hash after the message 16 bytes is ideal, but shorter authentication tags can be used for AES-GCM/AES-CCM. 12 bytes would still be fine, and...
I'm a bit confused why this issue is reported only for the admin channel, and (as it appears currently) only addressed for the admin channel. Any private channel would be...