espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-06-28 04:07:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix impact evaluation

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2022-06-16 09:50:04 +02:00 committed by Manuel Pégourié-Gonnard
parent d80d8a40ee
commit 8641102bc1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/buf-overread-use-psa-static-ecdh.txt
View File

@ -2,5 +2,5 @@ Security
* Fix a potential heap buffer overread in TLS 1.2 server-side when * Fix a potential heap buffer overread in TLS 1.2 server-side when
MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with MBEDTLS_USE_PSA_CRYPTO is enabled, an opaque key (created with
mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite mbedtls_pk_setup_opaque()) is provisioned, and a static ECDH ciphersuite
is selected. This may result in an application crash. No path to is selected. This may result in an application crash or potentially an
information leak has been identified. information leak.