CVE-2017-18187

Priority
Description
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an
integer overflow in PSK identity parsing in the
ssl_parse_client_psk_identity() function in library/ssl_srv.c.
Notes
Package
Upstream: released (2.4.2-1+deb9u2, 2.7.0-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.2.1-2ubuntu0.3)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.8.0-1)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.8.0-1)
Ubuntu 20.04 (Focal Fossa): not-affected (2.8.0-1)
Package
Upstream: released (1.3.9-2.1+deb8u3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
More Information

Updated: 2020-02-06 16:15:38 UTC (commit 1c7e8723b79fd57b280f3a0eeda90c82f0a3889b)