mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 13:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9087 from ronald-cron-arm/add-cve-2024-30166-ref

Browse Source 
ChangeLog: Add missing reference to CVE in security entry
This commit is contained in:
Gilles Peskine 2024-05-02 15:47:43 +00:00 committed by GitHub
commit cedb011c50
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -144,6 +144,7 @@ Security
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.
Fixes CVE-2024-30166.
* Passing buffers that are stored in untrusted memory as arguments
to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure