TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e298eeb739be318f44c8766ec8987461cc105a32^! / .
commite298eeb739be318f44c8766ec8987461cc105a32[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Oct 14 11:03:24 2024 +0200
committerValerio Setti <valerio.setti@nordicsemi.no>Wed Oct 16 10:30:30 2024 +0200
treefe0f6afac0c9008d733e178450c366209a1ed506
parent63348bed3064164c02406a9bf3ea21655170b47b [diff]
Changelog entry for security fix

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/ChangeLog.d/9690.txt b/ChangeLog.d/9690.txt
new file mode 100644
index 0000000..8dda75c
--- /dev/null
+++ b/ChangeLog.d/9690.txt

@@ -0,0 +1,8 @@
+Security
+   * Fix a buffer underrun in mbedtls_pk_write_pubkey_der() when
+     called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+     and the output buffer is smaller than the actual output.
+     Fix a related buffer underrun in mbedtls_pk_write_pubkey_pem()
+     when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+     and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+     CVE-2024-49195