Описание
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | not-affected | |
| esm-apps/noble | not-affected | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| hirsute | not-affected | 2.16.9-0.1ubuntu1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
Уязвимость функции mbedtls_ssl_read реализации протоколов TLS и SSL Mbed TLS, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5 Medium
CVSS2
7.5 High
CVSS3