Analysis of OpenSSL ChaCha20-Poly1305 Heap Buffer Overflow (CVE-2016-7054)

A High-Severity Heap Buffer Overflow vulnerability was recently fixed in a patch  by Openssl Project.  This vulnerability affects the remote SSL servers that support the ChaCha20-Poly1305 cipher suite, and can be exploited to crash the SSL service. This High-Severity Heap Buffer Overflow vulnerability (CVE-2016-7054) is caused by an error when the ChaCha20-Poly1305 cipher suite is decrypting large amounts of application data. We will examine the root cause of this vulnerability in this post. The ChaCha20-Poly1305 cipher suite is...

Leave a Reply