VDB

GCVE-110-MAGEIA-2017-94

GCVE-110-MAGEIA-2017-94
Advisory Published
Vulnetix · Advisory published March 27, 2017
In mbedTLS before 1.3.19, if a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service (client crash) or potentially could be exploited to allow remote code execution with the same privileges as the host application (CVE-2017-2784). The mbedtls package has been updated to version 1.3.19, fixing this issue as well as other security issues and bugs.

Affected Products

VendorProductVersionsPlatforms
Mageiambedtls0 (affected), 1.3.19-1.mga5 (unaffected), 0 (affected), 1.3.19-1.mga5 (unaffected)
Mageialibfm0 (affected), 1.2.5-3.2.mga6 (unaffected)

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›