https://github.com/openssl/openssl/commit/731f431497f463f3a2...
> A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Previous discussion: https://news.ycombinator.com/item?id=7557825
Amelek is being a bit harsh or just plain wrong; I learned a few days ago that checking malloc's return value means almost nothing:
https://news.ycombinator.com/item?id=7541585
https://github.com/openssl/openssl/commit/731f431497f463f3a2...
> A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Previous discussion: https://news.ycombinator.com/item?id=7557825