Skip to content

mbedTLS: Buffer overflow security issue, requires upgrade to 2.7.0 #6025

New issue
New issue
Closed
Bug
Closed
mbedTLS: Buffer overflow security issue, requires upgrade to 2.7.0#6025
Bug
Assignees
lpereira
Labels
area: Networkingarea: SecuritySecuritybugThe issue is a bug, or the PR is fixing a bugpriority: highHigh impact/importance bug
Milestone
v1.11.0
@pfalcon

Description

@pfalcon
pfalcon
opened on Feb 7, 2018

There is a pretty obvious, blatant buffer overflow possibility in the mbedTLS codebase (2.6.0) used by Zephyr as of now. It was fixed in 2.7.0 by this commit: Mbed-TLS/mbedtls@0b7b83fd9 .

In the interest of establishing Zephyr as the secure codebase, we should upgrade included mbedTLS for the 1.11 release.

Metadata

Metadata

Assignees

Labels

area: Networkingarea: SecuritySecuritybugThe issue is a bug, or the PR is fixing a bugpriority: highHigh impact/importance bug

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions