Fix potential integer overflow parsing DER CRT

This patch prevents a potential signed integer overflow during the certificate version verification checks.
2026-03-07 04:36:41 +00:00 · 2017-03-09 16:16:11 +00:00
parent eacc616a9c
commit 487b7a9efc
2 changed files with 6 additions and 3 deletions
--- a/3
+++ b/3
@@ -212,6 +212,9 @@ Bugfix
     digits. Found and fixed by Guido Vranken.
   * Fix unlisted DES configuration dependency in some pkparse test cases. Found
     by inestlerode. #555
+   * Fix a potential integer overflow in the version verification for DER
+     encoded X509 certificates. The overflow would enable maliciously
+     constructed certificates to bypass the certificate verification check.

 = mbed TLS 2.4.1 branch released 2016-12-13