Debian Security Advisory
DLA-331-1 polarssl -- LTS security update
- Date Reported: 22 Oct 2015
- Affected Packages: polarssl
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2015-5291.
- More information:
A flaw was found in PolarSSL and mbed TLS:
When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.
Although most of the vulnerable code is not present in the Squeeze version, this upload contains at least a length check for incoming data.
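The kind of length check the advisory refers to, shown for the SNI extension as an added example: this is not code from PolarSSL, mbed TLS or the Debian upload. The helper name `write_sni_ext`, the buffer sizes and the host name are assumptions made for illustration; the extension layout follows RFC 6066.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed bytes before the name: ext type(2) + ext len(2) + list len(2)
 * + name type(1) + name len(2), per RFC 6066. */
#define SNI_OVERHEAD 9u

/* Hypothetical helper: append a server_name extension at p without ever
 * writing at or past end. Returns bytes written, or 0 if the extension
 * does not fit, in which case the buffer is left untouched. */
size_t write_sni_ext(unsigned char *p, const unsigned char *end,
                     const char *name, size_t name_len)
{
    if (p == NULL || end == NULL || name == NULL || end < p)
        return 0;
    size_t room = (size_t)(end - p);

    /* Each length field is 16 bits; the largest is name_len + 5. */
    if (name_len == 0 || name_len > 0xFFFFu - 5u)
        return 0;
    /* Compare by subtraction so name_len + SNI_OVERHEAD cannot wrap. */
    if (room < SNI_OVERHEAD || name_len > room - SNI_OVERHEAD)
        return 0;

    *p++ = 0x00; *p++ = 0x00;                       /* type: server_name */
    *p++ = (unsigned char)((name_len + 5) >> 8);    /* extension length */
    *p++ = (unsigned char)((name_len + 5) & 0xFF);
    *p++ = (unsigned char)((name_len + 3) >> 8);    /* name list length */
    *p++ = (unsigned char)((name_len + 3) & 0xFF);
    *p++ = 0x00;                                    /* name type: host_name */
    *p++ = (unsigned char)(name_len >> 8);          /* host name length */
    *p++ = (unsigned char)(name_len & 0xFF);
    memcpy(p, name, name_len);
    return SNI_OVERHEAD + name_len;
}

int main(void)
{
    unsigned char msg[32];                          /* constructed sample */
    const char *host = "example.org";
    printf("fits: %zu bytes\n",
           write_sni_ext(msg, msg + sizeof msg, host, strlen(host)));
    printf("too small: %zu bytes\n",
           write_sni_ext(msg, msg + 19, host, strlen(host)));
    return 0;
}
```

The same pattern applies to any variable-length ClientHello extension: compute the remaining room once, then refuse the write unless the fixed header plus the payload fits.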