Excessively long data is a cornerstone of security vulnerabilities. > I wonder i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

farness on June 1, 2014 | parent | context | favorite | on: CVE-2014-3466: GnuTLS buffer overflow

Excessively long data is a cornerstone of security vulnerabilities.

> I wonder if excessively long session id values can break something else as well?

Yes, with p~=1.

rikacomet on June 1, 2014 [–]

Indeed it is, but what I was curious to know more about the particular case of session IDs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact