> Does that mean this RCE is a heap based overflow? I/O buffers in openssl are generally (always?) from the heap, not on the stack. So yes in general, and yes in this specific case.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
