An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mbed
Mbed mbedtls |
|
CPEs | cpe:2.3:a:mbed:mbedtls:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mbed-tls
Mbed-tls mbedtls |
Mbed
Mbed mbedtls |
Fri, 06 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mbed-tls
Mbed-tls mbedtls |
|
Weaknesses | CWE-121 | |
CPEs | cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mbed-tls
Mbed-tls mbedtls |
|
Metrics |
cvssV3_1
|
Thu, 05 Sep 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-05T00:00:00
Updated: 2024-11-25T20:54:01.597Z
Reserved: 2024-08-22T00:00:00
Link: CVE-2024-45158
Vulnrichment
Updated: 2024-09-06T18:20:50.581Z
NVD
Status : Awaiting Analysis
Published: 2024-09-05T19:15:13.057
Modified: 2024-09-06T19:35:26.390
Link: CVE-2024-45158
Redhat
No data.