diff options
author | Eneas U de Queiroz <cotequeiroz@gmail.com> | 2019-08-05 14:45:41 -0300 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2019-08-17 17:23:17 +0200 |
commit | 2df2b75208dce06dee02508c8d589fc5f540023d (patch) | |
tree | 6ffd3d40a1af5a5f4cd19e2d3b8dda5739714864 /toolchain | |
parent | 09bdc144197fe656f16d691d649ae08b36b4b126 (diff) | |
download | upstream-2df2b75208dce06dee02508c8d589fc5f540023d.tar.gz upstream-2df2b75208dce06dee02508c8d589fc5f540023d.tar.bz2 upstream-2df2b75208dce06dee02508c8d589fc5f540023d.zip |
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'toolchain')
0 files changed, 0 insertions, 0 deletions