mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:35:33 +00:00
Parse HelloVerifyRequest buffer overread: add changelog entry
This commit is contained in:
parent
d5c4a7cc11
commit
afbcf97c20
|
@ -20,6 +20,8 @@ Security
|
||||||
timings on the comparison in the key generation enabled the attacker to
|
timings on the comparison in the key generation enabled the attacker to
|
||||||
learn leading bits of the ephemeral key used during ECDSA signatures and to
|
learn leading bits of the ephemeral key used during ECDSA signatures and to
|
||||||
recover the private key. Reported by Jeremy Dubeuf.
|
recover the private key. Reported by Jeremy Dubeuf.
|
||||||
|
* Fix a potentially remotely exploitable buffer overread in a
|
||||||
|
DTLS client when parsing the Hello Verify Request message.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
* Remove redundant line for getting the bitlen of a bignum, since the variable
|
||||||
|
|
Loading…
Reference in a new issue