Stack Buffer Overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() Can Occur in Mbed TLS 3.6 Before 3.6.1
CVE-2024-45158
9.8 CRITICAL
What is CVE-2024-45158?
A stack buffer overflow has been identified in Mbed TLS versions prior to 3.6.1. It occurs in the functions mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the size of the largest supported curve. In some configurations where PSA is disabled, all values of bits are affected. Internal library calls do not trigger the overflow, but direct calls from applications do, and the result can be unauthorized data access or an application crash.
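The advisory describes a bug class rather than a single line of code: a converter between raw r||s ECDSA signatures and DER sizes its stack scratch buffer from the largest curve the library supports, so a caller-supplied bits value above that maximum overruns the buffer. The following is an added example, not Mbed TLS code, of how such a converter is written defensively. EXAMPLE_MAX_CURVE_BITS, the error codes and example_ecdsa_raw_to_der() are assumptions made for this example; the sample input is constructed. The decisive line is the range check on bits before any buffer is touched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bound for this example: the largest curve we pretend to support
 * (521 bits, as for P-521). Every stack buffer below is sized from it, which
 * is exactly why `bits` must be validated against it. */
#define EXAMPLE_MAX_CURVE_BITS 521
#define EXAMPLE_MAX_COORD_LEN  ((EXAMPLE_MAX_CURVE_BITS + 7) / 8)
/* Worst case: 3-byte SEQUENCE header + two INTEGERs, each with a 2-byte
 * header, coord_len content bytes and one optional 0x00 sign byte. */
#define EXAMPLE_MAX_DER_LEN    (3 + 2 * (2 + EXAMPLE_MAX_COORD_LEN + 1))

enum {
    EX_OK            =  0,
    EX_ERR_BAD_BITS  = -1,  /* bits is 0 or exceeds the supported maximum */
    EX_ERR_BAD_LEN   = -2,  /* raw_len is not 2 * ceil(bits / 8)          */
    EX_ERR_SMALL_BUF = -3   /* caller's DER buffer cannot hold the result */
};

/* Encode one big-endian unsigned coordinate as a DER INTEGER. The caller
 * guarantees out has room for len + 3 bytes. Leading zero octets are dropped
 * and a 0x00 is prepended when the top bit is set (DER INTEGERs are signed). */
static size_t encode_der_integer(const uint8_t *v, size_t len, uint8_t *out)
{
    size_t start = 0;
    while (start < len - 1 && v[start] == 0) {
        start++;
    }
    size_t body = len - start;
    int pad = (v[start] & 0x80) != 0;
    out[0] = 0x02;
    out[1] = (uint8_t)(body + pad);     /* < 128 for every curve in range */
    if (pad) {
        out[2] = 0x00;
    }
    memcpy(out + 2 + pad, v + start, body);
    return 2 + pad + body;
}

/* Convert raw r||s to DER SEQUENCE { INTEGER r, INTEGER s }. Example code
 * shaped like a raw-to-DER helper; the bits check keeps the fixed-size stack
 * scratch buffer sound for any caller-supplied value. */
int example_ecdsa_raw_to_der(size_t bits, const uint8_t *raw, size_t raw_len,
                             uint8_t *der, size_t der_size, size_t *der_len)
{
    if (bits == 0 || bits > EXAMPLE_MAX_CURVE_BITS) {
        return EX_ERR_BAD_BITS;          /* refuse before touching any buffer */
    }
    size_t coord_len = (bits + 7) / 8;
    if (raw_len != 2 * coord_len) {
        return EX_ERR_BAD_LEN;
    }

    uint8_t scratch[EXAMPLE_MAX_DER_LEN];
    size_t content = 0;                  /* INTEGERs start at offset 3 */
    content += encode_der_integer(raw, coord_len, scratch + 3 + content);
    content += encode_der_integer(raw + coord_len, coord_len, scratch + 3 + content);

    /* SEQUENCE header: short form below 128 bytes, 0x81 long form otherwise;
     * content never exceeds 255 bytes within EXAMPLE_MAX_CURVE_BITS. */
    uint8_t *start = (content < 128) ? scratch + 1 : scratch;
    size_t hdr_len = (content < 128) ? 2 : 3;
    start[0] = 0x30;
    if (hdr_len == 2) {
        start[1] = (uint8_t)content;
    } else {
        start[1] = 0x81;
        start[2] = (uint8_t)content;
    }

    size_t total = hdr_len + content;
    if (der_size < total) {
        return EX_ERR_SMALL_BUF;
    }
    memcpy(der, start, total);
    *der_len = total;
    return EX_OK;
}

/* Constructed P-256-sized sample (r = 1, s = 0x80 followed by zeros). Returns
 * the DER length when the encoding has the expected shape, -1 otherwise. */
int example_check_sample(void)
{
    uint8_t raw[64] = {0};
    raw[31] = 0x01;
    raw[32] = 0x80;
    uint8_t der[EXAMPLE_MAX_DER_LEN];
    size_t der_len = 0;
    if (example_ecdsa_raw_to_der(256, raw, sizeof raw, der, sizeof der, &der_len) != EX_OK) {
        return -1;
    }
    /* 30 26 | 02 01 01 | 02 21 00 80 00 ... 00 */
    const uint8_t expect[9] = {0x30, 0x26, 0x02, 0x01, 0x01, 0x02, 0x21, 0x00, 0x80};
    return memcmp(der, expect, sizeof expect) == 0 ? (int)der_len : -1;
}

int main(void)
{
    printf("sample DER length: %d\n", example_check_sample());
    /* An out-of-range curve size is rejected instead of overflowing. */
    printf("rc for bits=4096: %d\n",
           example_ecdsa_raw_to_der(4096, NULL, 0, NULL, 0, NULL));
    return 0;
}
```

The same pattern applies to the DER-to-raw direction: derive the output coordinate length from bits only after bits has been checked against the library maximum, and reject the call otherwise. Applications that call these conversion functions directly should likewise pass a bits value taken from a known curve rather than from untrusted input.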

References
CVSS v3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
