FreeBSD : mbedTLS/PolarSSL -- DoS and possible remote code execution (07a1a76c-734b-11e5-ae81-14dae9d210b8)
Medium Nessus Plugin ID 86386
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
ARM Limited reports:
When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.
Solution
Update the affected packages.
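
The bug class in the description is an extension writer that copies variable-length data into the ClientHello buffer without comparing it to the space left. The following is an added example, not mbed TLS or PolarSSL code: a hypothetical `write_sni_ext` helper that checks the remaining room before writing an SNI extension. The function name, buffer sizes and host name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SNI framing per RFC 6066: ext type(2) + ext len(2) + list len(2)
 * + name type(1) + name len(2), followed by the host name itself. */
#define SNI_HEADER_LEN 9u

/* Hypothetical helper (not mbed TLS code): append an SNI extension at p
 * without ever writing at or past end. Returns the number of bytes written,
 * or 0 when the extension does not fit and the caller must abort. */
size_t write_sni_ext(uint8_t *p, const uint8_t *end,
                     const char *host, size_t host_len)
{
    if (p == NULL || end == NULL || host == NULL || p > end)
        return 0;

    size_t room = (size_t)(end - p);

    /* The length fields are 16-bit, so ext len (host_len + 5) must fit. */
    if (host_len == 0 || host_len > 0xFFFFu - 5u)
        return 0;
    /* Subtract from room instead of adding to host_len: cannot wrap. */
    if (room < SNI_HEADER_LEN || host_len > room - SNI_HEADER_LEN)
        return 0;

    p[0] = 0x00; p[1] = 0x00;                 /* extension type: server_name */
    p[2] = (uint8_t)((host_len + 5) >> 8);    /* extension data length */
    p[3] = (uint8_t)((host_len + 5) & 0xFF);
    p[4] = (uint8_t)((host_len + 3) >> 8);    /* server name list length */
    p[5] = (uint8_t)((host_len + 3) & 0xFF);
    p[6] = 0x00;                              /* name type: host_name */
    p[7] = (uint8_t)(host_len >> 8);          /* host name length */
    p[8] = (uint8_t)(host_len & 0xFF);
    memcpy(p + SNI_HEADER_LEN, host, host_len);
    return SNI_HEADER_LEN + host_len;
}

int main(void)
{
    uint8_t msg[64];                          /* constructed ClientHello buffer */
    const char *host = "example.com";         /* constructed sample input */
    size_t n = write_sni_ext(msg, msg + sizeof msg, host, strlen(host));
    printf("wrote %zu bytes\n", n);
    n = write_sni_ext(msg, msg + 16, host, strlen(host));
    printf("too small: wrote %zu bytes\n", n);
    return 0;
}
```

The same remaining-room check applies to any other variable-length extension, such as a session ticket, before its data is copied into the message buffer.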