An exploitable free-of-a-stack-pointer vulnerability exists in the X.509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted X.509 certificate, when parsed by the mbedTLS library, causes an invalid free() of a stack pointer, which can lead to remote code execution. To exploit this vulnerability, an attacker can act as either a client or a server on the network and deliver the malicious X.509 certificate to a vulnerable application.

External References: http://www.talosintelligence.com/reports/TALOS-2017-0274/
Created mbedtls tracking bugs for this issue:
Affects: epel-all [bug 1443604]
Affects: fedora-all [bug 1443603]