CVE-2024-45158
PUBLISHED
CVSS 9.8 CRITICAL
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
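The description above comes down to one missing bound: both conversion helpers size a stack buffer from the largest curve the build supports, but trust the caller's bits argument when deciding how much to write into it. The example below is added here and is not Mbed TLS code; it is a stand-alone raw (r || s) to DER converter in the same argument shape, with the check a fixed converter needs, so you can see where the overflow would have happened and what the guard looks like. EXAMPLE_ECP_MAX_BITS, the EXAMPLE_* error codes and the function names are constructed for this example; in Mbed TLS the build-time limit is MBEDTLS_ECP_MAX_BITS, and the real functions are mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw(). The sample signatures are constructed too (they are not valid signatures, only correctly shaped coordinates).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed limit for this example: the largest curve the build supports (P-521 here).
 * Mbed TLS's equivalent is MBEDTLS_ECP_MAX_BITS; this example does not use the library. */
#define EXAMPLE_ECP_MAX_BITS  521
#define EXAMPLE_ECP_MAX_BYTES ((EXAMPLE_ECP_MAX_BITS + 7) / 8)

#define EXAMPLE_ERR_BAD_INPUT    (-1)  /* bits or lengths inconsistent: refuse before touching buffers */
#define EXAMPLE_ERR_BUFFER_SMALL (-2)  /* caller's output buffer cannot hold the result */

/* Encode one unsigned big-endian coordinate as a DER INTEGER. Returns bytes written or an error. */
static int der_integer(const unsigned char *v, size_t len, unsigned char *out, size_t out_size)
{
    while (len > 1 && v[0] == 0) { v++; len--; }      /* DER is minimal: strip leading zero bytes */
    size_t pad = (v[0] & 0x80) ? 1 : 0;                /* leading 0x00 keeps the INTEGER positive */
    size_t content = len + pad;
    if (content > 127) return EXAMPLE_ERR_BAD_INPUT;   /* short-form length: coordinates up to 126 bytes */
    if (out_size < 2 + content) return EXAMPLE_ERR_BUFFER_SMALL;
    out[0] = 0x02;
    out[1] = (unsigned char)content;
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, len);
    return (int)(2 + content);
}

/* raw (r || s, each (bits+7)/8 bytes) -> DER SEQUENCE { INTEGER r, INTEGER s }.
 * The first check is the one this CVE is about: `bits` decides how much is written into the
 * fixed-size stack buffer `body`, so an unchecked oversized value would run past its end. */
int example_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
                             unsigned char *der, size_t der_size, size_t *der_len)
{
    if (bits == 0 || bits > EXAMPLE_ECP_MAX_BITS) return EXAMPLE_ERR_BAD_INPUT;
    size_t coord = (bits + 7) / 8;
    if (raw == NULL || der == NULL || der_len == NULL || raw_len != 2 * coord)
        return EXAMPLE_ERR_BAD_INPUT;

    unsigned char body[2 * (EXAMPLE_ECP_MAX_BYTES + 3)];   /* per INTEGER: tag, length, pad, coordinate */
    int r_len = der_integer(raw, coord, body, sizeof body);
    if (r_len < 0) return r_len;
    int s_len = der_integer(raw + coord, coord, body + r_len, sizeof body - (size_t)r_len);
    if (s_len < 0) return s_len;

    size_t seq = (size_t)r_len + (size_t)s_len;
    size_t hdr = seq < 128 ? 2 : 3;                        /* 0x30 len, or 0x30 0x81 len when >= 128 */
    if (der_size < hdr + seq) return EXAMPLE_ERR_BUFFER_SMALL;
    der[0] = 0x30;
    if (hdr == 2) { der[1] = (unsigned char)seq; }
    else          { der[1] = 0x81; der[2] = (unsigned char)seq; }
    memcpy(der + hdr, body, seq);
    *der_len = hdr + seq;
    return 0;
}

/* Constructed P-256 input: r has its top bit set (needs a 0x00 pad), s starts with a zero byte
 * (stripped). Expected DER: 30 44 | 02 21 00 80 11.. | 02 1f 22.. = 70 bytes. */
static int p256_example(unsigned char *out, size_t out_size, size_t *out_len)
{
    unsigned char raw[64];
    memset(raw, 0x11, 32);      raw[0]  = 0x80;
    memset(raw + 32, 0x22, 32); raw[32] = 0x00;
    return example_ecdsa_raw_to_der(256, raw, sizeof raw, out, out_size, out_len);
}

int example_p256_len(void)
{
    unsigned char d[80]; size_t n = 0;
    return p256_example(d, sizeof d, &n) == 0 ? (int)n : -1;
}

int example_p256_byte(size_t i)
{
    unsigned char d[80]; size_t n = 0;
    if (p256_example(d, sizeof d, &n) != 0 || i >= n) return -1;
    return d[i];
}

/* Constructed P-521 input (66-byte coordinates): the SEQUENCE length needs the long form 0x81. */
int example_p521_len(void)
{
    unsigned char raw[132], d[160]; size_t n = 0;
    memset(raw, 0xAA, sizeof raw); raw[0] = 0x01; raw[66] = 0x01;
    return example_ecdsa_raw_to_der(521, raw, sizeof raw, d, sizeof d, &n) == 0 ? (int)n : -1;
}

/* The trigger shape from the advisory: bits larger than any supported curve. Returns 1 if refused. */
int example_oversized_bits_rejected(void)
{
    unsigned char raw[256] = {0}, d[600]; size_t n = 0;
    return example_ecdsa_raw_to_der(1024, raw, sizeof raw, d, sizeof d, &n) == EXAMPLE_ERR_BAD_INPUT;
}

int main(void)
{
    unsigned char d[80]; size_t n = 0;
    if (p256_example(d, sizeof d, &n) != 0) return 1;
    for (size_t i = 0; i < n; i++) printf("%02x", d[i]);
    printf("\noversized bits rejected: %d\n", example_oversized_bits_rejected());
    return 0;
}
```

The practical rule for applications on an affected build (3.6.0, or 3.6 generally until 3.6.1 is deployed): never derive bits from untrusted data such as a received signature or certificate; take it from the key or curve you are actually using (256 for secp256r1, 384 for secp384r1, and so on) and reject anything above MBEDTLS_ECP_MAX_BITS before calling the library, as the first check above does. The advisory also notes that with PSA disabled some configurations are affected for every value of bits, so on such builds the only reliable fix is upgrading to 3.6.1 rather than adding a caller-side check.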
EPSS 0.68% · 71.9th percentile
Risk Scores
CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.68%
71.9th percentile
Affected Products
| Vendor | Product | Affected Versions | Fixed In |
|---|---|---|---|
| arm | mbed_tls | 3.6.0 | 3.6.1 |
| mbed | mbedtls | 3.6 (before 3.6.1) | 3.6.1 |
Timeline
- Sep 5, 2024 CVE Published
- Sep 6, 2024 EPSS Score
- Sep 26, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 16, 2024 EPSS Score
- Nov 5, 2024 EPSS Score
- Nov 25, 2024 EPSS Score
- Nov 25, 2024 CVE Updated
- Dec 16, 2024 EPSS Score
- Jan 5, 2025 EPSS Score
- Jan 25, 2025 EPSS Score
- Feb 14, 2025 EPSS Score
References
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/ url
- https://github.com/Mbed-TLS/mbedtls/releases/ url
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-45158 advisory