Source: mbedtls
Version: 2.1.2-1
Severity: grave
Tags: security

When RSASSA-PSS signature verification is enabled, sending a maliciously
constructed certificate chain can be used to cause a buffer overflow on
the peer's stack, potentially leading to crash or remote code execution.
This can be triggered remotely from either side in both TLS and DTLS.

RSASSA-PSS is the part of PKCS #1 v2.1 standard and can be enabled by
the compile time option MBEDTLS_PKCS1_V21 in config.h. If
MBEDTLS_PKCS1_V21 is disabled when compiling the library, then the
vulnerability is not present. RSASSA-PSS signatures are enabled in the
default configuration.

Depending on the platform, an attack exploiting this vulnerability could
lead to an application crash or remote code execution.

Affected users should upgrade to Mbed TLS 1.3.22, Mbed TLS 2.1.10 or
Mbed TLS 2.7.0.

Users should wherever possible upgrade to the newer version of Mbed TLS.
Where this is not practical, users should consider if disabling the
option MBEDTLS_PKCS1_V21 in the Mbed TLS configuration is practical for
their application. Disabling RSASSA-PSS signatures in the verification
profile at runtime is not a sufficient countermeasure.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to