Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ARM mbedTLS 安全漏洞
Vulnerability Description
ARM mbedTLS是英国ARM公司的一款为mbed产品提供安全通讯和加密功能的产品。 ARM mbedTLS 2.7.0及之前版本中的‘mbedtls_ssl_get_verify_result()’函数存在安全漏洞,该漏洞源于程序没有正确的签名证书。攻击者可利用该漏洞使其接受使用ECDSA签名的证书。
CVSS Information
N/A
Vulnerability Type
N/A