mirror of
https://github.com/yuzu-mirror/mbedtls.git
synced 2026-01-06 00:30:14 +01:00
9 lines
493 B
Plaintext
Security
   * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
     client or server could cause an MbedTLS server or client to overread up
     to 64 kBytes of data and potentially overread the input buffer by that
     amount minus the size of the input buffer. As overread data undergoes
     various checks, the likelihood of reaching the boundary of the input
     buffer is rather small but increases as its size
     MBEDTLS_SSL_IN_CONTENT_LEN decreases.
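
The entry does not say which length field was left unchecked. As an added illustration (not Mbed TLS code and not the actual patch), the sketch below assumes the RFC 8446 CertificateEntry layout and shows the bounds check whose absence on a 16-bit length would produce an overread of at most 64 kBytes; `count_cert_entries`, `have_bytes`, `PARSE_ERR_DECODE` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

#define PARSE_ERR_DECODE (-1) /* hypothetical error code, not an Mbed TLS constant */

/* True if `need` bytes are available in [cur, end). */
static int have_bytes(const uint8_t *cur, const uint8_t *end, size_t need)
{
    return cur <= end && need <= (size_t)(end - cur);
}

/* Walk a certificate_list whose entries are laid out as in RFC 8446, 4.4.2:
 *   uint24 cert_data_len, cert_data, uint16 extensions_len, extensions.
 * Returns the entry count, or PARSE_ERR_DECODE when a length field claims
 * more bytes than remain in the list. */
int count_cert_entries(const uint8_t *list, size_t list_len)
{
    const uint8_t *p = list, *end = list + list_len;
    int n = 0;

    while (p < end) {
        if (!have_bytes(p, end, 3)) return PARSE_ERR_DECODE;
        size_t data_len = ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
        p += 3;
        if (data_len == 0 || !have_bytes(p, end, data_len)) return PARSE_ERR_DECODE;
        p += data_len;

        if (!have_bytes(p, end, 2)) return PARSE_ERR_DECODE;
        size_t ext_len = ((size_t)p[0] << 8) | p[1];
        p += 2;
        /* Omitting this check lets a peer-chosen ext_len (at most 0xFFFF)
         * carry p up to 65535 bytes past end: an overread, not a write. */
        if (!have_bytes(p, end, ext_len)) return PARSE_ERR_DECODE;
        p += ext_len;
        n++;
    }
    return n;
}

/* Constructed samples: a well-formed entry, and one whose ext_len overclaims. */
static const uint8_t sample_ok[]  = { 0, 0, 2, 0xAA, 0xBB, 0x00, 0x01, 0x00 };
static const uint8_t sample_bad[] = { 0, 0, 2, 0xAA, 0xBB, 0xFF, 0xFF, 0x00 };

int main(void)
{
    return !(count_cert_entries(sample_ok, sizeof sample_ok) == 1 &&
             count_cert_entries(sample_bad, sizeof sample_bad) == PARSE_ERR_DECODE);
}
```

Every length is compared against the end of the enclosing list rather than the end of the record buffer, so a malformed entry is rejected before any of its claimed bytes are touched.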