Name of the Vulnerable Software and Affected Versions mbedtls versions prior to 1.3.18

Description The issue concerns a non-default configuration option in mbedtls that could lead to session key recovery in very long TLS sessions. Additionally, there was a potential for stack corruption, although it cannot be triggered remotely. Several bugs have also been fixed.

Recommendations For versions prior to 1.3.18, update to version 1.3.18 to resolve the issue.