CVE-2024-45157

EPSS 0.02%
Veröffentlicht 05.09.2024 19:15:12
Zuletzt bearbeitet 14.03.2025 17:15:47
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Mbed Tls Version >= 2.26.0 < 2.28.9

Arm ≫ Mbed Tls Version >= 3.2.0 < 3.6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	1.4	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.1	1.4	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-696 Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

https://github.com/Mbed-TLS/mbedtls/releases/

Release Notes

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Vendor Advisory

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45157

EUVD