Merge remote-tracking branch 'restricted/pr/670' into mbedtls-2.16-restricted

* restricted/pr/670: Parse HelloVerifyRequest buffer overread: add changelog entry Parse HelloVerifyRequest: avoid buffer overread at the start Parse HelloVerifyRequest: avoid buffer overread on the cookie
2025-12-21 21:36:21 +01:00 · 2020-04-09 11:56:09 +02:00 · 2020-04-09 11:56:09 +02:00 · ef98d49997
commit ef98d49997
parent 3a1b209f9e afbcf97c20
2 changed files with 16 additions and 2 deletions
--- a/2
+++ b/2
@ -8,6 +8,8 @@ Security
     untrusted operating system attacking a secure enclave) to fully recover
     an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
     Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
+   * Fix a potentially remotely exploitable buffer overread in a
+     DTLS client when parsing the Hello Verify Request message.

 Bugfix
   * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and