Oval Definition:oval:org.opensuse.security:def:20172784
Revision Date:2022-06-30Version:1
Title:CVE-2017-2784
Description:

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-2784
openSUSE-SU-2017:0790-1
openSUSE-SU-2017:0792-1
Mitre CVE-2017-2784
SUSE CVE-2017-2784
openSUSE-SU-2017:0790-1
openSUSE-SU-2017:0792-1
Platform(s):openSUSE Leap 42.1
openSUSE Leap 42.2
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Package Hub for SUSE Linux Enterprise 12
Product(s):
Definition Synopsis
  • openSUSE Leap 42.1 is installed
  • AND Package Information
  • libmbedtls9-1.3.19-15.1 is installed
  • AND libmbedtls9 is signed with openSUSE key
  • OR
  • libmbedtls9-32bit-1.3.19-15.1 is installed
  • AND libmbedtls9-32bit is signed with openSUSE key
  • OR
  • mbedtls-1.3.19-15.1 is installed
  • AND mbedtls is signed with openSUSE key
  • OR
  • mbedtls-devel-1.3.19-15.1 is installed
  • AND mbedtls-devel is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 42.2 is installed
  • AND Package Information
  • libmbedtls9-1.3.19-15.1 is installed
  • AND libmbedtls9 is signed with openSUSE key
  • OR
  • libmbedtls9-32bit-1.3.19-15.1 is installed
  • AND libmbedtls9-32bit is signed with openSUSE key
  • OR
  • mbedtls-1.3.19-15.1 is installed
  • AND mbedtls is signed with openSUSE key
  • OR
  • mbedtls-devel-1.3.19-15.1 is installed
  • AND mbedtls-devel is signed with openSUSE key
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • libmbedtls9-1.3.19-5 is installed
  • OR libmbedtls9-32bit-1.3.19-15 is installed
  • OR mbedtls-1.3.19-5 is installed
  • OR mbedtls-devel-1.3.19-5 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • libmbedcrypto7-2.27.0-1.2 is installed
  • OR libmbedcrypto7-32bit-2.27.0-1.2 is installed
  • OR libmbedtls13-2.27.0-1.2 is installed
  • OR libmbedtls13-32bit-2.27.0-1.2 is installed
  • OR libmbedx509-1-2.27.0-1.2 is installed
  • OR libmbedx509-1-32bit-2.27.0-1.2 is installed
  • OR mbedtls-devel-2.27.0-1.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • libmbedtls9-1.3.19-5.1 is installed
  • OR mbedtls-devel-1.3.19-5.1 is installed
    • BACK