[3.7] mbedtls: Multiple vulnerabilities (CVE-2017-18187, CVE-2018-0487, CVE-2018-0488)| ID: oval:org.secpod.oval:def:1801093 | Date: (C)2018-07-31 (M)2021-11-09 |
| Class: PATCH | Family: unix |
CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity¶ In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity function in library/ssl_srv.c. Fixed In Version:¶ mbedtls 2.7.0
| Platform: |
| Alpine Linux 3.7 |
