Security vulnerabilities and automated fixes for tls issues
2 posts found
A critical heap buffer overflow vulnerability was discovered and patched in `src/ssl.c`, where improper bounds checking during ALPN/NPN protocol list construction could allow an attacker to corrupt heap memory and potentially execute arbitrary code. The fix addresses both the missing capacity validation and a dangerous integer overflow in size arithmetic that could lead to undersized allocations followed by out-of-bounds writes. Understanding this class of vulnerability is essential for any deve
A medium-severity vulnerability was discovered in a JavaScript streaming application where insecure WebSocket (ws://) connections were being used instead of secure WebSocket (wss://) connections. This security gap could expose sensitive data to man-in-the-middle attacks, allowing attackers to intercept and manipulate real-time communication between clients and servers.