Details
-
Bug
-
Status: Resolved
-
Normal
-
Resolution: Fixed
-
None
-
Degradation - Resource Management
-
Normal
-
Normal
-
User Report
-
All
-
None
-
Description
This is failing owasp:
https://nvd.nist.gov/vuln/detail/CVE-2023-34462
The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap.