ARM mbed TLS prior to 1.3.22, prior to 2.1.10, and prior to 2.7.0, when the truncated HMAC extension and CBC are used, allows remote malicious users to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arm mbed tls |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |