Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Misreads of much less than that have been exploitable in the past.


Depends a lot on the specifics. For example heartbleed was a misread that led to the buffer being sent on the socket. And I think it was more than 32 bits. 32 bits of garbage into a log file that needs privileges to read sounds a tad less scary, but like I say, not out of the question to be harmful.


> Depends a lot on the specifics. For example heartbleed was a misread that led to the buffer being sent on the socket. And I think it was more than 32 bits. 32 bits of garbage into a log file that needs privileges to read sounds a tad less scary, but like I say, not out of the question to be harmful.

If you can do it a lot of times, though, that changes matters.


32 bits is plenty to effectively break ASLR or significantly weaken a cryptographic key.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: