EUVD-2013-3640

Malware in sbrugna...

Vulnerability in OpenSSL - Excessive allocation of memory in tls_get_message_header()

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...