so the openssl things are not exploitable
why is this critical
@haskal it can be I think? either with a sketchy CA, or in applications where you have to verify client certificates
@f0x no as in let's assume the best possible scenario where you have a server u can upload certs to and it runs openssl x509 on them or something
it's still not, as far as i've seen, actually exploitable. you'll crash the openssl but you won't get a shell
Small server part of the pixie.town infrastructure. Registration is closed.
fuchsiaaaaaaaaaaaaaaaaa
@f0x no as in let's assume the best possible scenario where you have a server u can upload certs to and it runs openssl x509 on them or something
it's still not, as far as i've seen, actually exploitable. you'll crash the openssl but you won't get a shell