mbed TLS (PolarSSL) -- multiple vulnerabilities
Details
| VuXML ID |
d8382a69-4728-11e8-ba83-0011d823eebd |
| Discovery |
2018-03-21 |
| Entry |
2018-04-23 |
Simon Butcher reports:
- Defend against Bellcore glitch attacks by verifying the results
of RSA private key operations.
- Fix implementation of the truncated HMAC extension. The
previous implementation allowed an offline 2^80 brute force
attack on the HMAC key of a single, uninterrupted connection
(with no resumption of the session).
- Reject CRLs containing unsupported critical extensions. Found
by Falko Strenzke and Evangelos Karatsiolis.
- Fix a buffer overread in ssl_parse_server_key_exchange() that
could cause a crash on invalid input.
- Fix a buffer overread in ssl_parse_server_psk_hint() that could
cause a crash on invalid input.
References
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.