Buffer Underrun in Mbed TLS Affects Key Pair Processing
CVE-2024-49195

Currently unrated

Key Information:

Vendor: Mbed TLS
Status: Mbed TLS
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-49195?

A vulnerability in Mbed TLS versions 3.5.x through 3.6.x prior to 3.6.2 allows a buffer underrun when handling the writing of opaque key pairs. This flaw can potentially lead to unauthorized access and compromise the security of the key management process. Users are advised to update to the latest patched version to mitigate risks associated with this vulnerability.

References

https://mbed-tls.readthedocs.io/en/latest/tech-updates/se...

https://mbed-tls.readthedocs.io/en/latest/security-adviso...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024