An issue exists in Mbed TLS prior to 2.24.0 (and prior to 2.16.8 LTS and prior to 2.7.17 LTS). mbedtls_ssl_read does not zeroize its plaintext buffers, so unused application data is not erased from memory.
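
The missing step, shown in a simplified model of a TLS read path. This is an added illustration, not Mbed TLS code and not the project's patch; `rec_ctx`, `rec_read` and the other names are hypothetical, and the record contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of a TLS read path; not Mbed TLS's structures. */
typedef struct {
    unsigned char buf[64]; /* decrypted application data of the current record */
    size_t off;            /* offset of the next unread byte */
    size_t left;           /* unread bytes remaining */
} rec_ctx;

/* memset via a volatile pointer: the compiler cannot drop it as a dead store. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;
static void secure_zero(void *p, size_t n) { if (n > 0) memset_v(p, 0, n); }

/* Store a decrypted record (constructed input in this example). */
int rec_load(rec_ctx *c, const unsigned char *pt, size_t n) {
    if (n > sizeof c->buf) return -1;
    secure_zero(c, sizeof *c);
    memcpy(c->buf, pt, n);
    c->left = n;
    return 0;
}

/* Hand up to len bytes to the caller, then erase them from the internal buffer. */
size_t rec_read(rec_ctx *c, unsigned char *out, size_t len) {
    size_t n = len < c->left ? len : c->left;
    memcpy(out, c->buf + c->off, n);
    secure_zero(c->buf + c->off, n); /* without this, delivered plaintext lingers */
    c->off += n; c->left -= n;
    return n;
}

/* Session teardown: erase everything, including data the caller never read. */
void rec_reset(rec_ctx *c) { secure_zero(c, sizeof *c); }

/* Count non-zero bytes still held in the internal buffer. */
size_t rec_residue(const rec_ctx *c) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof c->buf; i++) n += (c->buf[i] != 0);
    return n;
}

int main(void) {
    rec_ctx c; unsigned char out[8];
    rec_load(&c, (const unsigned char *)"constructed-secret", 18);
    rec_read(&c, out, sizeof out);
    printf("residue after partial read: %zu\n", rec_residue(&c));
    rec_reset(&c);
    printf("residue after reset: %zu\n", rec_residue(&c));
    return 0;
}
```
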
Vulnerable Product |
---|
arm mbed tls |
debian debian linux 9.0 |
debian debian linux 10.0 |