CVE-2024-45158

EPSS 0.68%
Veröffentlicht 05.09.2024 19:15:13
Zuletzt bearbeitet 16.05.2025 20:17:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Mbed Tls Version3.6.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.711

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/Mbed-TLS/mbedtls/releases/

Release Notes

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Vendor Advisory

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45158

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45158