CVE-2024-45158

EPSS 0.53%
Veröffentlicht 05.09.2024 19:15:13
Zuletzt bearbeitet 16.05.2025 20:17:39
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Mbed Tls Version3.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.661

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://github.com/Mbed-TLS/mbedtls/releases/

Release Notes

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Vendor Advisory

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45158

EUVD