CVE-2015-8036

Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Information

Published : 2015-11-02 11:59

Updated : 2019-06-19 06:59


NVD link : CVE-2015-8036

Mitre link : CVE-2015-8036


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

polarssl

  • polarssl

fedoraproject

  • fedora

arm

  • mbed_tls

debian

  • debian_linux

opensuse

  • opensuse