PT-2017-19416 — Arm Mbed Tls

PT-2017-19416 · Arm · Mbed Tls

Published

2017-01-29

Updated

2017-01-29

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions mbedtls versions prior to 1.3.18

Description The issue concerns a non-default configuration option in mbedtls that could lead to session key recovery in very long TLS sessions. Additionally, there was a potential for stack corruption, although it cannot be triggered remotely. Several bugs have also been fixed.

Recommendations For versions prior to 1.3.18, update to version 1.3.18 to resolve the issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

MGASA-2017-0030

Affected Products

Mbed Tls