cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 17:09:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add change log

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2022-06-17 15:38:26 +02:00
parent 2b1a43c101
commit e0d7367a9e
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog.d/tls13-add-missing-overread-check.txt Normal file
View File

@ -0,0 +1,8 @@
Security
* Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
client or server could cause an MbedTLS server or client to overread up
to 64 kBytes of data and potentially overread the input buffer by that
amount minus the size of the input buffer. As overread data undergoes
various checks, the likelihood of reaching the boundary of the input
buffer is rather small but increases as its size
MBEDTLS_SSL_IN_CONTENT_LEN decreases.