Description
In Mbed TLS 3.6.0, we fixed three loosely related vulnerabilities in TLS 1.3 negotiation:
- Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A malicious client could cause information disclosure or a denial of service. Fixes CVE-2024-30166.
- Restore the maximum TLS version to be negotiated to the configured one when an SSL context is reset with the mbedtls_ssl_session_reset() API. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. Fixes CVE-2024-28755.
- When negotiating TLS version on server side, do not fall back to the TLS 1.2 implementation of the protocol if it is disabled.
  - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put the TLS 1.3-only server in an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. Reported by Matthias Mucha and Thomas Blattmann, SICK AG.
  - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client was able to successfully establish a TLS 1.2 connection with the server. Reported by alluettiv on GitHub.
  Fixes CVE-2024-28836.
We assigned CVEs for these vulnerabilities, but did not release advisories.
Definition of done: advisories for these vulnerabilities are published at https://mbed-tls.readthedocs.io/en/latest/security-advisories/.
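As an added illustration (not Mbed TLS code, and not the project's own state layout), the following simplified C model shows the two server-side behaviours described in the second and third items above: a per-connection maximum version that a buggy reset fails to restore (CVE-2024-28755), and a fallback to a TLS 1.2 implementation that is not actually available (CVE-2024-28836). The struct fields, function names and error codes are hypothetical.

```c
#include <stdbool.h>
/* Added, simplified model of the server-side negotiation state behind
 * CVE-2024-28755 and CVE-2024-28836. Not Mbed TLS code; all names are hypothetical. */
enum { TLS1_2 = 0x0303, TLS1_3 = 0x0304 };
enum { ERR_BAD_VERSION = -1, ERR_WOULD_LOOP = -2 };
struct cfg {               /* long-lived configuration (cf. mbedtls_ssl_config) */
    int  max_version;      /* maximum version the operator configured */
    bool tls12_built_in;   /* TLS 1.2 implementation compiled in? */
    bool tls12_enabled;    /* TLS 1.2 allowed at runtime? */
};
struct ctx {               /* per-connection state (cf. mbedtls_ssl_context) */
    const struct cfg *conf;
    int max_version;       /* effective maximum for the current handshake */
};

/* Buggy reset leaves whatever maximum the previous handshake set;
 * the fixed reset restores the configured maximum before reuse. */
static void reset_buggy(struct ctx *c) { (void)c; }
static void reset_fixed(struct ctx *c) { c->max_version = c->conf->max_version; }

/* Handle a ClientHello whose highest offered version is client_max.
 * Returns the negotiated version, or a negative error code. */
static int negotiate(struct ctx *c, int client_max, bool fixed) {
    if (client_max >= TLS1_3 && c->max_version >= TLS1_3)
        return TLS1_3;
    /* Client offers only TLS 1.2: fall back only if 1.2 is really usable. */
    if (fixed && (!c->conf->tls12_built_in || !c->conf->tls12_enabled))
        return ERR_BAD_VERSION;          /* reject the hello outright */
    if (!fixed && !c->conf->tls12_built_in)
        return ERR_WOULD_LOOP;           /* stands in for the infinite loop */
    c->max_version = TLS1_2;   /* buggy path also lands here if 1.2 is off at runtime */
    return TLS1_2;
}

/* A TLS 1.2-only hello arrives, the context is reset, then an honest
 * TLS 1.3 client connects. Returns the version the second client gets. */
static int version_after_reset(bool fixed) {
    struct cfg conf = { TLS1_3, true, true };
    struct ctx c = { &conf, conf.max_version };
    negotiate(&c, TLS1_2, fixed);
    if (fixed) reset_fixed(&c); else reset_buggy(&c);
    return negotiate(&c, TLS1_3, fixed);
}

/* Result of a TLS 1.2 hello against a server with the given 1.2 availability. */
static int tls12_hello(bool built_in, bool enabled, bool fixed) {
    struct cfg conf = { TLS1_3, built_in, enabled };
    struct ctx c = { &conf, TLS1_3 };
    return negotiate(&c, TLS1_2, fixed);
}
```

With the buggy reset, one TLS 1.2 hello pins the context at TLS 1.2 for every later client; with the fixed reset, the next TLS 1.3 client negotiates TLS 1.3 again, and a TLS 1.2 hello against a server whose TLS 1.2 support is compiled out or disabled is rejected instead of looping or downgrading.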