Add change log

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-12-24 17:41:01 +03:00 · 2022-06-17 15:38:26 +02:00
parent 2b1a43c101
commit e0d7367a9e
1 changed files with 8 additions and 0 deletions
--- a/ChangeLog.d/tls13-add-missing-overread-check.txt
+++ b/ChangeLog.d/tls13-add-missing-overread-check.txt
@@ -0,0 +1,8 @@
+Security
+    * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
+      client or server could cause an MbedTLS server or client to overread up
+      to 64 kBytes of data and potentially overread the input buffer by that
+      amount minus the size of the input buffer. As overread data undergoes
+      various checks, the likelihood of reaching the boundary of the input
+      buffer is rather small but increases as its size
+      MBEDTLS_SSL_IN_CONTENT_LEN decreases.