[Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL

Paul Selkirk paul at psgd.org
Tue Oct 20 03:49:07 UTC 2015

Previous message (by thread): [Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL
Next message (by thread): [Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/18/2015 10:19 AM, Randy Bush wrote:
> https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/

First, kudos to Guido for reviewing (and to everyone who reviews
open-source code), and kudos to the mbed TLS team for responding.

That said, we don't, and likely won't, use mbed TLS, which is quite a
separate project from mbed per se. (Although it looks like they've done
a lot of integration since the last time I looked at it, in May.)

In fact, we may not even end up using mbed per se. I'm keeping an open
mind, but I'm leaning to Fredrik's model of using the underlying CMSIS
libraries directly.

				paul

Previous message (by thread): [Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL
Next message (by thread): [Cryptech Tech] CVE-2015-5291: remote heap corruption in ARM mbed TLS / PolarSSL
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list