Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ARM mbed TLS 基于堆的缓冲区溢出漏洞
Vulnerability Description
ARM mbed TLS(前称PolarSSL)是英国ARM公司的一款为mbed产品提供安全通讯和加密功能的产品。 ARM mbed TLS 1.3.14之前1.3.x版本和2.1.2之前2.x版本中存在基于堆的缓冲区溢出漏洞,该漏洞源于程序创建ClientHello消息时没有对session ticket扩展的session ticket名称执行正确的边界检查。远程攻击者可利用该漏洞造成拒绝服务(客户端崩溃),并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A