It doesn't, it serializes the SNI name by applying backslash escaping, but fails to escape the escape character, and then incorrectly parses that serialized form.
Just in case any Exim users are reading here, you might want to be aware that Exim also does not check TLS certificates reliably, so any authentication credentials (as well as message contents, of course) that you might…
While this research is, as some have pointed out, mostly about implementation deficiencies in signature checking code, I want to point to my own earlier research that shows that the PDF standard is actually also…
It doesn't, it serializes the SNI name by applying backslash escaping, but fails to escape the escape character, and then incorrectly parses that serialized form.
Just in case any Exim users are reading here, you might want to be aware that Exim also does not check TLS certificates reliably, so any authentication credentials (as well as message contents, of course) that you might…
While this research is, as some have pointed out, mostly about implementation deficiencies in signature checking code, I want to point to my own earlier research that shows that the PDF standard is actually also…