Candidate: CVE-2017-2784
PublicDate: 2017-04-20 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2784
 https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
Description:
 An exploitable free of a stack pointer vulnerability exists in the x509
 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7,
 and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed
 by mbed TLS library, can cause an invalid free of a stack pointer leading
 to a potential remote code execution. In order to exploit this
 vulnerability, an attacker can act as either a client or a server on a
 network to deliver malicious x509 certificates to vulnerable applications.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857560
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857561
 https://bugs.launchpad.net/ubuntu/+source/mbedtls/+bug/1672686
Priority: medium
Discovered-by: Aleksandar Nikolic
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_mbedtls:
upstream_mbedtls: released (2.4.2-1)
precise_mbedtls: DNE
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
vivid/stable-phone-overlay_mbedtls: DNE
vivid/ubuntu-core_mbedtls: DNE
xenial_mbedtls: released (2.2.1-2ubuntu0.1)
yakkety_mbedtls: released (2.3.0-1ubuntu0.1)
zesty_mbedtls: not-affected (2.4.2-1)
artful_mbedtls: not-affected (2.4.2-1)
bionic_mbedtls: not-affected (2.4.2-1)
cosmic_mbedtls: not-affected (2.4.2-1)
disco_mbedtls: not-affected (2.4.2-1)
devel_mbedtls: not-affected (2.4.2-1)

Patches_polarssl:
upstream_polarssl: needs-triage
precise_polarssl: not-affected
precise/esm_polarssl: DNE (precise was not-affected)
trusty_polarssl: ignored (reached end-of-life)
trusty/esm_polarssl: DNE (trusty was needs-triage)
vivid/stable-phone-overlay_polarssl: DNE
vivid/ubuntu-core_polarssl: DNE
xenial_polarssl: DNE
yakkety_polarssl: DNE
zesty_polarssl: DNE
artful_polarssl: DNE
bionic_polarssl: DNE
cosmic_polarssl: DNE
disco_polarssl: DNE
devel_polarssl: DNE