mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ChangeLog: Add missing reference to CVE in security entry

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-05-02 15:36:16 +02:00
parent 8c2b301b82
commit 68613a46ce
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -144,6 +144,7 @@ Security
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service. malicious client could cause information disclosure or a denial of service.
Fixes CVE-2024-30166.
* Passing buffers that are stored in untrusted memory as arguments * Passing buffers that are stored in untrusted memory as arguments
to PSA functions is now secure by default. to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure The PSA core now protects against modification of inputs or exposure