mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-22 19:35:34 +00:00
Parse HelloVerifyRequest buffer overread: add changelog entry
This commit is contained in:
parent
d5c4a7cc11
commit
afbcf97c20
|
@ -20,6 +20,8 @@ Security
|
|||
timings on the comparison in the key generation enabled the attacker to
|
||||
learn leading bits of the ephemeral key used during ECDSA signatures and to
|
||||
recover the private key. Reported by Jeremy Dubeuf.
|
||||
* Fix a potentially remotely exploitable buffer overread in a
|
||||
DTLS client when parsing the Hello Verify Request message.
|
||||
|
||||
Bugfix
|
||||
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
||||
|
|
Loading…
Reference in a new issue