Hi, after analyzing the PoC script we (maintainers of the Ruby OpenSSL extension) consider CVE-2014-2734 to be invalid. Others have independently arrived at the same conclusion: [1][2] You may find a summary of our analysis at [3].
Regards, Martin Boßlet [1] https://github.com/adrienthebo/cve-2014-2734/ [2] https://news.ycombinator.com/item?id=7601973 [3] https://gist.github.com/emboss/91696b56cd227c8a0c13 _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
