mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-14 01:26:49 +00:00
Merge pull request #9089 from ronald-cron-arm/add-cve-2024-30166-ref-3.6
[Backport 3.6] ChangeLog: Add missing reference to CVE in security entry
This commit is contained in:
commit
82cd3d1014
@ -144,6 +144,7 @@ Security
|
||||
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
|
||||
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
|
||||
malicious client could cause information disclosure or a denial of service.
|
||||
Fixes CVE-2024-30166.
|
||||
* Passing buffers that are stored in untrusted memory as arguments
|
||||
to PSA functions is now secure by default.
|
||||
The PSA core now protects against modification of inputs or exposure
|
||||
|
Loading…
x
Reference in New Issue
Block a user