FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mbedTLS/PolarSSL -- DoS and possible remote code execution

Affected packages
1.2.0 <= polarssl < 1.2.17
1.3.0 <= polarssl13 < 1.3.14
mbedtls < 2.1.2

Details

VuXML ID 07a1a76c-734b-11e5-ae81-14dae9d210b8
Discovery 2015-10-05
Entry 2015-10-15

ARM Limited reports:

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.

References

CVE Name CVE-2015-5291
URL https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01