Heap-based Buffer Overflow in ARM mbed TLS by PolarSSL
CVE-2015-8036

Currently unrated

Key Information:

Vendor

Arm
Status
Mbed Tls
Polarssl
Vendor
CVE Published:
2 November 2015

What is CVE-2015-8036?

A heap-based buffer overflow vulnerability exists in ARM mbed TLS (formerly PolarSSL) versions prior to 1.3.14 and 2.1.2. This flaw can be exploited by remote SSL servers that send a specially crafted long session ticket name in the session ticket extension, at which point the vulnerable system fails to properly handle the input when constructing a ClientHello message for session resumption. As a result, this can lead to a denial of service by crashing the client and potentially allowing the execution of arbitrary code.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.debian.org/security/2016/dsa-3468
vendor-advisoryx_refsource_DEBIAN
https://guidovranken.files.wordpress.com/2015/10/cve-2015...
x_refsource_MISC
https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.