Source: mbedtls Version: 2.1.2-1 Severity: grave Tags: security https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Vulnerability When the truncated HMAC extension is enabled and CBC is used, sending a malicious application packet can be used to selectively corrupt 6 bytes on the peer's heap, potentially leading to a crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS. If the truncated HMAC extension, which can be set by the compile time option MBEDTLS_SSL_TRUNCATED_HMAC in config.h, is disabled when compiling the library, then the vulnerability is not present. The truncated HMAC extension is enabled in the default configuration. The vulnerability is only present if * The compile-time option MBEDTLS_SSL_TRUNCATED_HMAC is set in config.h. (It is set by default) AND * The truncated HMAC extension is explicitly offered by calling mbedtls_ssl_conf_truncated_hmac(). (It is not offered by default) Impact Depending on the platform, an attack exploiting this vulnerability could lead to an application crash or allow remote code execution. Resolution Affected users should upgrade to Mbed TLS 1.3.22, Mbed TLS 2.1.10 or Mbed TLS 2.7.0. Workaround Users should wherever possible upgrade to the newer version of Mbed TLS. Where this is not practical, users should consider disabling the truncated HMAC extension by removing any call to mbedtls_ssl_conf_truncated_hmac() in their application, and the option MBEDTLS_SSL_TRUNCATED_HMAC in the Mbed TLS configuration is practical for their application.
Description: OpenPGP digital signature