Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ARM PolarSSL和ARM mbed TLS 基于堆的缓冲区溢出漏洞
Vulnerability Description
ARM mbed TLS(前称PolarSSL)是英国ARM公司的一款为mbed产品提供安全通讯和加密功能的产品。 ARM PolarSSL和ARM mbed TLS中存在基于堆的缓冲区溢出漏洞,该漏洞源于程序创建ClientHello消息时没有对server name indication(SNI)扩展的主机名执行正确的边界检查。远程攻击者可利用该漏洞造成拒绝服务(客户端崩溃),并执行任意代码。以下产品及版本受到影响:ARM PolarSSL 1.2.17之前1.x版本,ARM mbed TLS 1.3
CVSS Information
N/A
Vulnerability Type
N/A