Skip to content

Mbed TLS 3.5.2

Compare
Choose a tag to compare
@daverodgman daverodgman released this 26 Jan 10:18
· 4983 commits to development since this release

Description

This release of Mbed TLS provides fixes for security issues.

Security Advisories

For full details, please see the following link:

Release Notes

Security

  • Fix a timing side channel in private key RSA operations. This side channel
    could be sufficient for an attacker to recover the plaintext. A local
    attacker or a remote attacker who is close to the victim on the network
    might have precise enough timing measurements to exploit this. It requires
    the attacker to send a large number of messages for decryption. For
    details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
    by Hubert Kario, Red Hat.
  • Fix a failure to validate input when writing x509 extensions lengths which
    could result in an integer overflow, causing a zero-length buffer to be
    allocated to hold the extension. The extension would then be copied into
    the buffer, causing a heap buffer overflow.

Who should update

We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Checksum

The SHA256 hashes for the archives are:

35890edf1a2c7a7e29eac3118d43302c3e1173e0df0ebaf5db56126dabe5bb05 v3.5.2.tar.gz
eedecc468b3f8d052ef05a9d42bf63f04c8a1c50d1c5a94c251c681365a2c723 mbedtls-3.5.2.tar.gz

55c1525e7d5de18b84a1d1e5540950b4a3bac70e02889cf309919b2877cba63b v3.5.2.zip
fea0c12622044ef0d594361e83b2c2b5e4ca56bc1b44126ccca50872c7d6d4f6 mbedtls-3.5.2.zip

The URLs below point to the archives named vX.Y.Z.... When checking hashes, please be aware that due to GitHub's use of the Content-Disposition header, some clients will download the vX.Y.Z... archive and save it with the filename mbedtls-X.Y.Z....