Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mbed TLS 缓冲区错误漏洞
Vulnerability Description
Mbed TLS是一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 2.28.2之前版本、Mbed TLS 3.3.0 之前版本存在安全漏洞,该漏洞源于如果启用了 MBEDTLS_SSL_DTLS_CONNECTION_ID 且 MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX,则 DTLS 中可能存在基于堆的缓冲区溢出和基于堆的缓冲区过度读取。
CVSS Information
N/A
Vulnerability Type
N/A