VDB
GCVE-110-MAGEIA-2017-94
GCVE-110-MAGEIA-2017-94
Advisory Published
In mbedTLS before 1.3.19, if a malicious peer supplies a certificate with
a specially crafted secp224k1 public key, then an attacker can cause the
server or client to attempt to free block of memory held on stack.
Depending on the platform, this could result in a Denial of Service
(client crash) or potentially could be exploited to allow remote code
execution with the same privileges as the host application
(CVE-2017-2784).
The mbedtls package has been updated to version 1.3.19, fixing this issue
as well as other security issues and bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mbedtls | 0 (affected), 1.3.19-1.mga5 (unaffected), 0 (affected), 1.3.19-1.mga5 (unaffected) | — |
| Mageia | libfm | 0 (affected), 1.2.5-3.2.mga6 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.