Adapt ChangeLog

2024-11-26 15:45:43 +01:00 · 2017-11-20 10:43:35 +00:00 · 2017-11-20 10:43:35 +00:00 · b09c5721f5
commit b09c5721f5
parent ce516ff449
1 changed files with 8 additions and 0 deletions
--- a/8
+++ b/8
@ -3,6 +3,14 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS 2.1.10 branch released 2017-xx-xx

+Security
+   * Fix heap corruption in implementation of truncated HMAC extension.
+     When the truncated HMAC extension is enabled and CBC is used,
+     sending a malicious application packet can be used to selectively
+     corrupt 6 bytes on the peer's heap, potentially leading to crash or
+     remote code execution. This can be triggered remotely from either
+     side in both TLS and DTLS.
+
 Bugfix
   * Fix ssl_parse_record_header() to silently discard invalid DTLS records
     as recommended in RFC 6347 Section 4.1.2.7.