xref: /hypervisor/lib/crypto/mbedtls/ChangeLog

29      targetting an internal MD/SHA buffer. With TLS or if
40      buffer. Connections using GCM or CCM instead of CBC or using
52      where the outgoing buffer can be fixed at a smaller size than the incoming
53      buffer, which can save some RAM. If buffer lengths are kept equal, there
166    * Fix an issue in the X.509 module which could lead to a buffer overread
173    * Fix the buffer length assertion in the ssl_parse_certificate_request()
174      function which led to an arbitrary overread of the message buffer. The
232    * Fix buffer length assertions in the ssl_parse_certificate_request()
234      buffer.
235    * Fix invalid buffer sizes passed to zlib during record compression and
307    * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
309    * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
355    * Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
378    * Fix a buffer overflow in RSA-PSS verification when the hash was too large
382    * Fix buffer overflow in RSA-PSS verification when the unmasked data is all
385      64 KiB to the address of the SSL buffer and causing a wrap around.
386    * Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by
388      config and the application data buffer passed to mbedtls_ssl_write
389      is larger than the internal message buffer (16384 bytes by default), the
399    * Set PEM buffer to zero before freeing it, to avoid decoded private keys
407    * Wipe stack buffer temporarily holding EC private exponent
409    * Fix a potential heap buffer over-read in ALPN extension parsing
651    * Fixed unlimited overread of heap-based buffer in mbedtls_ssl_read().
752    * Fixed a bug that caused freeing a buffer that was allocated on the stack,
776    * Fixed multiple buffer overreads in mbedtls_pem_read_buffer() when parsing
780      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
782      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
784      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
786      cause buffer bound checks to be bypassed. Found by Eyal Itkin.
798    * Fix 1 byte buffer overflow in mbedtls_mpi_write_string() when the MPI
820      mbedtls_x509write_csr_der() when the signature is copied to the buffer
897    * Fix potential integer overflow to buffer overflow in
900    * Fix a potential integer underflow to buffer overread in
921      buffer after DER certificates to be included in the raw representation.
975    * Fix potential buffer overflow in some asn1_write_xxx() functions.
1017    * Added fix for CVE-2015-5291 to prevent heap corruption due to buffer
1024    * Fix stack buffer overflow in pkcs12 decryption (used by
1027    * Fix potential buffer overflow in mbedtls_mpi_read_string().
1036    * Fix possible heap buffer overflow in base64_encoded() when the input
1037      buffer is 512MB or larger on 32-bit platforms. Found by Guido Vranken,
1042    * Fix potential heap buffer overflow in servers that perform client
1209    * net_accept() gained new arguments for the size of the client_ip buffer.
1413    * NULL pointer dereference in the buffer-based allocator when the buffer is
1450    * Stack buffer overflow if ctr_drbg_update() is called with too large
1452    * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
1503    * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
1525    * Made buffer size in pk_write_(pub)key_pem() more dynamic, eg smaller if
1531    * Accept spaces at end of line or end of buffer in base64_decode().
1569    * Enforce alignment in the buffer allocator even if buffer is not aligned
1583    * Very large records using less padding could cause a buffer overread of up
1679      error if the output buffer was just 1 byte too small.
1683    * Potential buffer overwrite in pem_write_buffer() because of low length
1719    * Fixed possible buffer overflow with overlong PSK
1839    * TLS compression only allocates working buffer once
1949    * Fix buffer overread of size 1 when parsing crafted X.509 certificates
1955    * Stack buffer overflow if ctr_drbg_update() is called with too large
1990    * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
2001    * Accept spaces at end of line or end of buffer in base64_decode().
2092    * Fixed potential heap buffer overflow on large hostname setting
2233    * Added preliminary ASN.1 buffer writing support
2283    * Prevent reading over buffer boundaries on X509 certificate parsing
2299    * Potential buffer-overflow for ssl_read_record() (independently found by
2302    * Potential heap buffer overflow on large hostname setting
2343    * Prevent reading over buffer boundaries on X509 certificate parsing
2475      instead of int32_t for buffer lengths and loop variables for
2622    * Changed ARC4 to use separate input/output buffer
2712    * Fixed an off-by-one buffer allocation in ssl_set_hostname()

Last Index update Fri Aug 22 02:31:50 CST 2025