From 8641102bc16a8193d93721f222729e5a07252fc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Jun 2022 09:50:04 +0200 Subject: [PATCH] Fix impact evaluation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/buf-overread-use-psa-static-ecdh.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt b/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt index 023c73082..84b9f790d 100644 --- a/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt +++ b/ChangeLog.d/buf-overread-use-psa-static-ecdh.txt @@ -2,5 +2,5 @@ Security * Fix a potential heap buffer overread in TLS 1.2 server-side when MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite - is selected. This may result in an application crash. No path to - information leak has been identified. + is selected. This may result in an application crash or potentially an + information leak.
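Review bot: The two added lines at the end of the hunk ("This may result in an application crash or potentially an information leak.") raise the stated impact from crash-only to possible disclosure, but nothing visible says what changed the assessment. The commit message is just the subject "Fix impact evaluation", and the entry no longer says whether a leak path was identified or is only not ruled out. Please add a sentence to the commit body giving the reason for the revision. If it is known, the ChangeLog entry should also say where the over-read bytes could end up, so that users with MBEDTLS_USE_PSA_CRYPTO, an opaque key and a static ECDH ciphersuite can judge their exposure. A smaller wording point: "may ... or potentially" hedges twice in one sentence, so one qualifier would read more clearly.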