Описание
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.8.0-1 |
| cosmic | not-affected | 2.8.0-1 |
| devel | not-affected | 2.8.0-1 |
| disco | not-affected | 2.8.0-1 |
| eoan | not-affected | 2.8.0-1 |
| esm-apps/bionic | not-affected | 2.8.0-1 |
| esm-apps/xenial | released | 2.2.1-2ubuntu0.3 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needed |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through a ...
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3