[openssl-dev] Testing CVE-2016-6309
Matt Caswell
matt at openssl.org
Wed Apr 5 22:25:51 UTC 2017
On 05/04/17 19:24, Lysoněk Milan wrote:
> Hello,
> I'd like to make test for CVE-2016-6309
> https://www.openssl.org/news/secadv/20160926.txt in tlsfuzzer. I tried
> combining and sending different lengths (from small lengths to large) of
> application data and padding, but I could not trigger this issue on
> mentioned OpenSSL 1.1.0a.
>
> Is there any way, how can I test it and if yes, then how?
Can you reproduce it using the fuzz corpora added in commit 44f206aa9df,
or by running the large message test introduced in 84d5549e69?
Matt
More information about the openssl-dev
mailing list