A bug in s2n-tls results in the inadvertent copying of memory when configuring session ticket names. As a result, s2n-tls servers which set a session ticket name with length less than 16 bytes can potentially disclose some random memory. Servers which set a 16-byte name are unaffected.
No AWS service was affected by this issue and customers of AWS services do not need to take action. Server applications using s2n-tls with session resumption should update to the most recent version.
All versions of s2n-tls from commit cc339f5 to c947a22 are affected by this issue. s2n-tls users should fetch s2n-tls commit e6e8b6a.
A bug in s2n-tls results in the inadvertent copying of memory when configuring session ticket names. As a result, s2n-tls servers which set a session ticket name with length less than 16 bytes can potentially disclose some random memory. Servers which set a 16-byte name are unaffected.
No AWS service was affected by this issue and customers of AWS services do not need to take action. Server applications using s2n-tls with session resumption should update to the most recent version.
All versions of s2n-tls from commit cc339f5 to c947a22 are affected by this issue. s2n-tls users should fetch s2n-tls commit e6e8b6a.