In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
{ "vanir_signatures": [ { "source": "https://github.com/mbed-tls/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28", "signature_version": "v1", "id": "CVE-2017-18187-2d89a41b", "signature_type": "Line", "target": { "file": "library/ssl_srv.c" }, "digest": { "line_hashes": [ "146705795122806448969502256052171142492", "250739608582514144555358197331282491043", "138311258465109895060410760846872072497", "226521422758386904350980188820999931980", "166683699188758028603646729933607871728", "135889021735654070488482182026670372764", "179663835056930844441641430651641120248", "26630778509266565837874525009607955193" ], "threshold": 0.9 }, "deprecated": false }, { "source": "https://github.com/mbed-tls/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28", "signature_version": "v1", "id": "CVE-2017-18187-601b0b25", "signature_type": "Function", "target": { "file": "library/ssl_srv.c", "function": "ssl_parse_client_psk_identity" }, "digest": { "function_hash": "121718152799964170990906735473705715749", "length": 1429.0 }, "deprecated": false } ] }