diff --git a/ChangeLog b/ChangeLog index 227faed6b..1154075e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,17 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by + default enabled) maximum fragment length extension is disabled in the + config and the application data buffer passed to mbedtls_ssl_write + is larger than the internal message buffer (16384 bytes by default), the + latter overflows. The exploitability of this issue depends on whether the + application layer can be forced into sending such large packets. The issue + was independently reported by Tim Nordell via e-mail and by Florin Petriuc + and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. + = mbed TLS 2.6.0 branch released 2017-08-10 Security