VuXML ID | Description |
07a1a76c-734b-11e5-ae81-14dae9d210b8 | mbedTLS/PolarSSL -- DoS and possible remote code execution
ARM Limited reports:
When the client creates its ClientHello message, due to
insufficient bounds checking it can overflow the heap-based buffer
containing the message while writing some extensions. Two extensions in
particular could be used by a remote attacker to trigger the overflow:
the session ticket extension and the server name indication (SNI)
extension.
Discovery 2015-10-05 Entry 2015-10-15
Affected: polarssl ge 1.2.0 lt 1.2.17; polarssl13 ge 1.3.0 lt 1.3.14; mbedtls < 2.1.2
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-5291
|
f41e3e54-076b-11e7-a9f2-0011d823eebd | mbed TLS (PolarSSL) -- multiple vulnerabilities
Janos Follath reports:
- If a malicious peer supplies a certificate with a specially
crafted secp224k1 public key, then an attacker can cause the
server or client to attempt to free a block of memory held on the
stack. Depending on the platform, this could result in a Denial
of Service (client crash) or potentially could be exploited to
allow remote code execution with the same privileges as the host
application.
- If the client and the server both support MD5 and the client
can be tricked to authenticate to a malicious server, then the
malicious server can impersonate the client. To launch this man
in the middle attack, the adversary has to compute a
chosen-prefix MD5 collision in real time. This is very expensive
computationally, but can be practical. Depending on the
platform, this could result in a Denial of Service (client crash)
or potentially could be exploited to allow remote code execution
with the same privileges as the host application.
- A bug in the logic of the parsing of a PEM encoded Certificate
Revocation List in mbedtls_x509_crl_parse() can result in an
infinite loop. In versions before 1.3.10 the same bug results in
an infinite recursion stack overflow that usually crashes the
application. Methods and means of acquiring the CRLs are not part
of the TLS handshake and in the strict TLS setting this
vulnerability cannot be triggered remotely. The vulnerability
cannot be triggered unless the application explicitly calls
mbedtls_x509_crl_parse() or mbedtls_x509_crl_parse_file() on a PEM
formatted CRL of untrusted origin, in which case the
vulnerability can be exploited to launch a denial of service
attack against the application.
Discovery 2017-03-11 Entry 2017-03-12
Affected: mbedtls < 2.4.2; polarssl13 < 1.3.19
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
|
953aaa57-6bce-11e5-9909-002590263bf5 | mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports:
In order to strengthen the minimum requirements for connections and
to protect against the Logjam attack, the minimum size of
Diffie-Hellman parameters accepted by the client has been increased
to 1024 bits.
In addition, the default size for the Diffie-Hellman parameters on
the server is increased to 2048 bits. This can be changed with
ssl_set_dh_params() in case this is necessary.
Discovery 2015-08-11 Entry 2015-10-06
Affected: polarssl ge 1.2.0 lt 1.2.15; polarssl13 ge 1.3.0 lt 1.3.12
https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released
|
c2f107e1-2493-11e8-b3e8-001cc0382b2f | mbed TLS (PolarSSL) -- remote code execution
Simon Butcher reports:
- When the truncated HMAC extension is enabled and CBC is used,
sending a malicious application packet can be used to selectively
corrupt 6 bytes on the peer's heap, potentially leading to a
crash or remote code execution. This can be triggered remotely
from either side in both TLS and DTLS.
- When RSASSA-PSS signature verification is enabled, sending a
maliciously constructed certificate chain can be used to cause a
buffer overflow on the peer's stack, potentially leading to crash
or remote code execution. This can be triggered remotely from
either side in both TLS and DTLS.
Discovery 2018-02-05 Entry 2018-03-10
Affected: mbedtls < 2.7.0; polarssl13 < 1.3.22
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
CVE-2018-0487
CVE-2018-0488
|
d8382a69-4728-11e8-ba83-0011d823eebd | mbed TLS (PolarSSL) -- multiple vulnerabilities
Simon Butcher reports:
- Defend against Bellcore glitch attacks by verifying the results
of RSA private key operations.
- Fix implementation of the truncated HMAC extension. The
previous implementation allowed an offline 2^80 brute force
attack on the HMAC key of a single, uninterrupted connection
(with no resumption of the session).
- Reject CRLs containing unsupported critical extensions. Found
by Falko Strenzke and Evangelos Karatsiolis.
- Fix a buffer overread in ssl_parse_server_key_exchange() that
could cause a crash on invalid input.
- Fix a buffer overread in ssl_parse_server_psk_hint() that could
cause a crash on invalid input.
Discovery 2018-03-21 Entry 2018-04-23
Affected: mbedtls < 2.7.2; polarssl13 ge *
https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
|
5d280761-6bcf-11e5-9909-002590263bf5 | mbedTLS/PolarSSL -- multiple vulnerabilities
ARM Limited reports:
Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack
for PKCS#1 v1.5 signatures. These releases include countermeasures
against that attack.
Fabian Foerg of Gotham Digital Science found a possible client-side
NULL pointer dereference, using the AFL Fuzzer. This dereference can
only occur when misusing the API, although a fix has still been
implemented.
Discovery 2015-09-18 Entry 2015-10-06
Affected: polarssl ge 1.2.0 lt 1.2.16; polarssl13 ge 1.3.0 lt 1.3.13; mbedtls < 2.1.1
https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-polarssl-1.2.16-released
|
4084168e-b531-11e5-a98c-0011d823eebd | mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
ARM Limited reports:
MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack
on TLS 1.2 server authentication. They have been disabled by default.
Other attacks from the SLOTH paper do not apply to any version of mbed
TLS or PolarSSL.
Discovery 2016-01-04 Entry 2016-01-07
Affected: polarssl13 < 1.3.16; mbedtls < 2.2.1
https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
|