www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: Buffer overflow with mbedTLS

Re: Buffer overflow with mbedTLS

From: Eduardo Silva <edsiper_at_gmail.com>
Date: Tue, 25 Oct 2016 17:10:38 -0600

what version of mbedTLS is that ?

On Tue, Oct 25, 2016 at 3:47 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Tue, 25 Oct 2016, Daniel Stenberg wrote:
>> I'm forwarding this just to make sure you all are aware - this is not what
>> I normally do with bugs. The mbedTLS crypto backend is obviously brand new
>> so this flaw shouldn't hurt anyone's use of libssh2 in production but should
>> perhaps make you pause if you had plans to.
> Hm, okay I trigged really fast due to the possible importance but the bug
> was closed again... Sorry for being alarmist. But let's keep our eyes open
> and I think it is reasonable to be careful with a brand new backend like
> this.
> --
> / daniel.haxx.se
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Eduardo Silva
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-10-26

the libssh2 team