lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-23 00:02:39 +03:00
Code Activity
Files
b51e0c7e5649659cef9a8b393eb49e1e76b557a4
mbedtls/ChangeLog.d/cookie_parsing_bug.txt
Andrzej Kurek 6b4f062cde Fix incorrect changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-17 07:37:36 -04:00

10 lines
575 B
Plaintext
Raw Blame History

Security
* Fix a buffer overread in DTLS ClientHello parsing in servers with
MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
after the end of the SSL input buffer. The buffer overread only happens
when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
and possibly up to 571 bytes with a custom cookie check function.
Reported by the Cybeats PSI Team.
View Git Blame Copy Permalink