Security vulnerabilities and automated fixes for SCRAM-SHA-256 issues
A critical buffer overflow vulnerability was discovered and patched in Odyssey's SCRAM-SHA-256 authentication implementation, where six unchecked `memcpy` calls allowed unauthenticated attackers to corrupt heap memory by sending crafted oversized fields during authentication. This type of vulnerability is especially dangerous because it requires no credentials to exploit — any client initiating a connection could trigger it. The fix enforces proper length validation before every memory copy oper