Merge remote-tracking branch 'upstream-public/pr/1094' into development

2026-01-07 23:18:59 +01:00 · 2017-11-23 20:02:46 +01:00 · 2017-11-23 20:02:46 +01:00 · 68306ed31f
commit 68306ed31f
parent 5eafc74154 9cfabe3597
5 changed files with 130 additions and 12 deletions
--- a/10
+++ b/10
@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date)

 = mbed TLS x.x.x branch released xxxx-xx-xx

+Security
+   * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by
+     default enabled) maximum fragment length extension is disabled in the
+     config and the application data buffer passed to mbedtls_ssl_write
+     is larger than the internal message buffer (16384 bytes by default), the
+     latter overflows. The exploitability of this issue depends on whether the
+     application layer can be forced into sending such large packets. The issue
+     was independently reported by Tim Nordell via e-mail and by Florin Petriuc
+     and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
+
 Features
   * Allow comments in test data files.