Add ChangeLog entry

2025-01-25 00:31:05 +00:00 · 2017-06-09 11:31:43 +01:00 · 2017-06-09 11:31:43 +01:00 · b9c09af596
parent 0401a3d888
commit b9c09af596
1 changed files with 5 additions and 0 deletions
--- a/5
+++ b/5
@ -3,6 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 1.3.x branch released xxxx-xx-xx

 Security
+   * Fixed unlimited overread of heap-based buffer in ssl_read().
+     The issue could only happen client-side with renegotiation enabled.
+     Could result in DoS (application crash) or information leak
+     (if the application layer sent data read from ssl_read()
+     back to the server or to a third party). Can be triggered remotely.
   * Add exponent blinding to RSA private operations as a countermeasure
     against side-channel attacks like the cache attack described in
     https://arxiv.org/abs/1702.08719v2.