CVE-2023-38545.md: add additional info

wip
curl · Oct 12, 2023 · 705e6eb · 705e6eb
1 parent 02147e0
commit 705e6eb
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/docs/CVE-2023-38545.md b/docs/CVE-2023-38545.md
@@ -91,6 +91,19 @@ Severity: High
 
 HackerOne: https://hackerone.com/reports/2187833
 
+ADDITIONAL INFO
+---------------
+
+Since the posting of this advisory, security researcher
+[RyotaK](https://hackerone.com/ryotak?type=user) has notified that even if the
+buffer size is large enough to prevent heap overflow an attacker can still use
+the integer overflow of hostname length in conjunction with a crafted hostname
+larger than 255 characters to make the handshake complete successfully. This
+could possibly be used to bypass an application's restrictions or content
+filter. Its impact is limited because whitespace is not allowed in hostnames
+and neither is \x00. Because of the latter "it's not possible to specify lower
+ports such as 80 or 443 because \x00 is not a valid character."
+
 AFFECTED VERSIONS
 -----------------