[3.8] mbedtls: Multiple vulnerabilities (CVE-2017-18187, CVE-2018-0487, CVE-2018-0488)ID: oval:org.secpod.oval:def:1801085 | Date: (C)2018-07-31 (M)2021-11-09 |
Class: PATCH | Family: unix |
CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity¶ In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. Fixed In Version:¶ mbedtls 2.7.0
Platform: |
Alpine Linux 3.8 |