PT-2015-6835 · Arm+2 · Mbed Tls+3

Guido Vranken

Publicado

2015-11-02

Atualizado

2026-06-05

CVE-2015-5291

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PolarSSL versions 1.x through 1.2.16 ARM mbed TLS (formerly PolarSSL) versions 1.3.x through 1.3.13 ARM mbed TLS (formerly PolarSSL) versions 2.x through 2.1.1

Description A heap-based buffer overflow issue exists, allowing remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code. This occurs when a long hostname is sent to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message.

Recommendations For PolarSSL versions 1.x through 1.2.16, update to version 1.2.17 or later. For ARM mbed TLS (formerly PolarSSL) versions 1.3.x through 1.3.13, update to version 1.3.14 or later. For ARM mbed TLS (formerly PolarSSL) versions 2.x through 2.1.1, update to version 2.1.2 or later.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-1956

CVE-2015-5291

DLA-331-1

DSA-3468-1

MGASA-2016-0054

OPENSUSE-SU-2015_2257-1

OPENSUSE-SU-2024:10088-1

OPENSUSE-SU-2024:12903-1

Produtos afetados

Alt Linux

Polarssl

Suse

Mbed Tls

PT-2015-6835 · Arm+2 · Mbed Tls+3

CVE-2015-5291

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37