I'll bite... Has anybody reproduced Exim CVE-2019-15846, or tested a working PoC? The Qualys report seems to indicate that a trailing '\' in the SNI is all you need to trigger an OOB read. But even with an AddressSanitizer build of Exim, I've yet to see anything interesting.
-
I'm working on this as well, Will; I'll let you know results next week.
-
I initially thought that ~32KB away from a heap boundary was way too much for a crafted SNI alone to reach anything that affects heap operations. And that is correct. Here's the catch: *Multiple* attacker-provided fields can *cumulatively* cause ss to overwrite a chunk boundary. pic.twitter.com/TvSbIyCDqa