www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: Buffer overflow with mbedTLS

Re: Buffer overflow with mbedTLS

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 25 Oct 2016 23:47:53 +0200 (CEST)

On Tue, 25 Oct 2016, Daniel Stenberg wrote:

> I'm forwarding this just to make sure you all are aware - this is not what I
> normally do with bugs. The mbedTLS crypto backend is obviously brand new so
> this flaw shouldn't hurt anyone's use of libssh2 in production but should
> perhaps make you pause if you had plans to.

Hm, okay I trigged really fast due to the possible importance but the bug was
closed again... Sorry for being alarmist. But let's keep our eyes open and I
think it is reasonable to be careful with a brand new backend like this.

  / daniel.haxx.se
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-10-25

the libssh2 team