漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
漏洞信息
N/A
漏洞
N/A
漏洞
ARM PolarSSL和ARM mbed TLS 基于堆的缓冲区溢出漏洞
漏洞信息
ARM mbed TLS(前称PolarSSL)是英国ARM公司的一款为mbed产品提供安全通讯和加密功能的产品。 ARM PolarSSL和ARM mbed TLS中存在基于堆的缓冲区溢出漏洞,该漏洞源于程序创建ClientHello消息时没有对server name indication(SNI)扩展的主机名执行正确的边界检查。远程攻击者可利用该漏洞造成拒绝服务(客户端崩溃),并执行任意代码。以下产品及版本受到影响:ARM PolarSSL 1.2.17之前1.x版本,ARM mbed TLS 1.3
漏洞信息
N/A
漏洞
N/A