Key vulnerability information

Vulnerability overview
- Bug ID: 829660
- CVE ID: CVE-2021-43666, CVE-2021-44732, CVE-2021-45450
- Component: Vulnerabilities
- Product: Gentoo Security
- Status: RESOLVED FIXED

Vulnerability details

CVE-2021-45450:
- Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). This could lead to an internal session buffer being freed twice.
- CVE-2021-45450 was addressed by bumping versions to v2.16.12 and v2.28.0.

CVE-2021-43666:
- Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

Affected versions
- Affected Versions: v2.16.x and v2.28.0

Related links
- GitHub Release v2.16.12
- GitHub Release v2.28.0
- Security Advisory 2021-12

Timeline
- Reported: 2021-12-19 22:15 UTC
- Modified: 2023-01-11 05:25 UTC
- Resolution: 2023-01-11