[3.8] mbedtls: Multiple vulnerabilities (CVE-2017-18187, CVE-2018-0487, CVE-2018-0488)
CVE-2017-18187: Bounds-check bypass via integer overflow in ssl_srv.c:ssl_parse_client_psk_identity()
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
Fixed In Version:
mbedtls 2.7.0
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-18187
Patch:
https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28
CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
Fixed In Version:
mbedtls 1.3.22, mbedtls 2.1.10, mbedtls 2.7.0
References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
https://nvd.nist.gov/vuln/detail/CVE-2018-0487
Patch:
https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
Fixed In Version:
mbedtls 1.3.22, mbedtls 2.1.10, mbedtls 2.7.0
References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
https://nvd.nist.gov/vuln/detail/CVE-2018-0488
Patches:
https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
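An added illustration of the bug class named in the CVE-2017-18187 entry above (a bounds check bypassed by integer overflow while parsing a length-prefixed field); it is not code from mbed TLS or from this report. The 32-bit address model, the function names and the sample values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: 32-bit addresses held in uint32_t so that wraparound is
 * well defined and reproducible on any host. All names here are illustrative. */
typedef uint32_t addr32;

/* Additive check: p + n wraps modulo 2^32 and can compare below end. */
int len_ok_additive(addr32 p, addr32 end, uint32_t n)
{
    return !(n < 1 || n > 65535 || (addr32)(p + n) > end);
}

/* Subtractive check: compares n with the bytes remaining; needs p <= end. */
int len_ok_subtractive(addr32 p, addr32 end, uint32_t n)
{
    return !(n < 1 || n > 65535 || n > (uint32_t)(end - p));
}

/* Parser for a 2-byte big-endian length followed by that many identity bytes,
 * written with subtractive checks only. Returns 0 on success, -1 on reject. */
int parse_identity(const unsigned char *buf, size_t buf_len,
                   const unsigned char **id, size_t *id_len)
{
    const unsigned char *p = buf, *end = buf + buf_len;
    size_t n;

    if ((size_t)(end - p) < 2)
        return -1;
    n = ((size_t)p[0] << 8) | p[1];
    p += 2;
    if (n < 1 || n > (size_t)(end - p))
        return -1;
    *id = p;
    *id_len = n;
    return 0;
}

int main(void)
{
    /* Constructed case: 0x40 bytes remain, the field claims 0x200. */
    addr32 p = 0xFFFFFF00u, end = 0xFFFFFF40u;
    printf("additive=%d subtractive=%d\n",
           len_ok_additive(p, end, 0x200), len_ok_subtractive(p, end, 0x200));
    return 0;
}
```

The additive form only misjudges the length when the buffer sits close enough to the top of the address space for the sum to wrap, which is why the subtractive comparison against the remaining byte count is the form to look for when reviewing length-prefixed parsers.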
(from redmine: issue id 8835, created on 2018-04-24, closed on 2018-07-30)
- Relations:
- copied_to #8834 (closed)
- parent #8834 (closed)
- Changesets:
- Revision 44a52d56 on 2018-06-11T14:20:36Z:
community/mbedtls: security upgrade to 2.7.0
CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
Fixes #8835