Impact
Basics Station utilizes mbed-tls 2.6, which is unmaintained and is likely to contain several vulnerabilities.
Patches
Semtech is evaluating an upgrade to mbed-tls 2.7. Preliminary results show that mbed-tls 2.7 is interface compatible and can be successfully linked and executed.
Workarounds
Modify the makefile to reference mbed-tls 2.7. There are no other practical workarounds that preserve secure functionality.
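After changing the makefile, a build can confirm which mbed TLS version it actually picked up. The following check is an added example, not part of the advisory or of Basics Station's build. It reads the `MBEDTLS_VERSION_NUMBER` macro from mbed TLS's `version.h`; the header path is supplied by the caller, and the function names and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a build when the mbed TLS source tree is older than 2.7.0.
# Assumption: the caller passes the path to mbed TLS's version.h; the advisory
# does not describe where Basics Station keeps it.

MIN_VERSION_NUMBER=$((0x02070000))   # 2.7.0, the version named in the advisory

# Print MBEDTLS_VERSION_NUMBER (0xMMNNPP00 in the header) as a decimal integer.
mbedtls_version_number() {
    hex=$(sed -n 's/^#define[[:space:]]\{1,\}MBEDTLS_VERSION_NUMBER[[:space:]]\{1,\}\(0x[0-9A-Fa-f]\{8\}\).*/\1/p' "$1" | head -n 1)
    [ -n "$hex" ] || return 2
    echo $(($hex))
}

# Return 0 if the header reports >= 2.7.0, 1 if older, 2 if it cannot be parsed.
check_mbedtls_version() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    found=$(mbedtls_version_number "$1") || {
        echo "no MBEDTLS_VERSION_NUMBER in $1" >&2
        return 2
    }
    if [ "$found" -lt "$MIN_VERSION_NUMBER" ]; then
        printf 'mbed TLS 0x%08X is older than required 0x%08X\n' \
            "$found" "$MIN_VERSION_NUMBER" >&2
        return 1
    fi
    return 0
}

# Dry run on constructed sample headers (not copied from any release).
demo() {
    dir=$(mktemp -d)
    printf '#define MBEDTLS_VERSION_NUMBER         0x02060000\n' > "$dir/old.h"
    printf '#define MBEDTLS_VERSION_NUMBER         0x02070000\n' > "$dir/new.h"
    for h in old.h new.h; do
        if check_mbedtls_version "$dir/$h"; then
            echo "$h: ok"
        else
            echo "$h: rejected"
        fi
    done
    rm -rf "$dir"
}

# With a path argument, act as a build gate; with none, run the dry run.
if [ $# -gt 0 ]; then check_mbedtls_version "$1"; else demo; fi
```

Run with the header path as the only argument before the compile step, so that a stale 2.6 tree stops the build with a non-zero exit status.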
References
Please see the list of potential vulnerabilities here: https://www.cvedetails.com/product/32568/ARM-Mbed-Tls.html?vendor_id=15698
For more information
If you have any questions or comments about this advisory, please visit https://www.semtech.com/company/security
This vulnerability was discovered by Andrew Jorgensen (ajorgens@amazon.com) from Amazon.