8Kas
Why is CVE-2019-0231 critical? [closed]
I am looking at this vulnerability: CVE-2019-0231. The NVD description says:
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward.
I can't see how an attacker could benefit from this vulnerability. How can I tell if this vulnerability is a risk in my code? And how can it be exploited by a malicious user? (Due to complexity, I can't upgrade the library.)