cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-04 02:52:38 -04:00
Code Issues Packages Projects Releases Wiki Activity
polarssl/ChangeLog.d/cookie_parsing_bug.txt
Andrzej Kurek 96d5439da5 Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-10 04:26:08 -04:00

10 lines
575 B
Plaintext
Raw Blame History

Security
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
Reported by the Cybeats PSI Team.
Reference in New Issue View Git Blame Copy Permalink