Source: mbedtls Version: 2.1.2-1 Severity: grave Tags: security https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Vulnerability When RSASSA-PSS signature verification is enabled, sending a maliciously constructed certificate chain can be used to cause a buffer overflow on the peer's stack, potentially leading to crash or remote code execution. This can be triggered remotely from either side in both TLS and DTLS. RSASSA-PSS is the part of PKCS #1 v2.1 standard and can be enabled by the compile time option MBEDTLS_PKCS1_V21 in config.h. If MBEDTLS_PKCS1_V21 is disabled when compiling the library, then the vulnerability is not present. RSASSA-PSS signatures are enabled in the default configuration. Impact Depending on the platform, an attack exploiting this vulnerability could lead to an application crash or remote code execution. Resolution Affected users should upgrade to Mbed TLS 1.3.22, Mbed TLS 2.1.10 or Mbed TLS 2.7.0. Workaround Users should wherever possible upgrade to the newer version of Mbed TLS. Where this is not practical, users should consider if disabling the option MBEDTLS_PKCS1_V21 in the Mbed TLS configuration is practical for their application. Disabling RSASSA-PSS signatures in the verification profile at runtime is not a sufficient countermeasure.
Description: OpenPGP digital signature