ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverpskhint() that could cause a crash on invalid input.
{ "binaries": [ { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedcrypto0" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedtls-dev" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedtls10" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedx509-0" } ] }