Description
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by the mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 2.4.2-1 |
| bionic | not-affected | 2.4.2-1 |
| cosmic | not-affected | 2.4.2-1 |
| devel | not-affected | 2.4.2-1 |
| disco | not-affected | 2.4.2-1 |
| esm-apps/bionic | not-affected | 2.4.2-1 |
| esm-apps/xenial | released | 2.2.1-2ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| precise | not-affected | |
| precise/esm | DNE | precise was not-affected |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needs-triage |
CVSS2: 6.8 Medium
CVSS3: 8.1 High
Related vulnerabilities
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by the mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
An exploitable free of a stack pointer vulnerability exists in the x50 ...