CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Mbed-TLS/mbedtls/releases/	Release Notes
https://mbed-tls.readthedocs.io/en/latest/security-advisories/	Vendor Advisory
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*

History

16 May 2025, 20:17

Type	Values Removed	Values Added
First Time		Arm mbed Tls Arm
CPE		cpe:2.3:a:arm:mbed_tls:3.6.0:::::::*
References	~~() https://github.com/Mbed-TLS/mbedtls/releases/ -~~	() https://github.com/Mbed-TLS/mbedtls/releases/ - Release Notes
References	~~() https://mbed-tls.readthedocs.io/en/latest/security-advisories/ -~~	() https://mbed-tls.readthedocs.io/en/latest/security-advisories/ - Vendor Advisory
References	~~() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ -~~	() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ - Vendor Advisory

06 Sep 2024, 19:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-05 19:15

Updated : 2025-05-16 20:17

NVD link : CVE-2024-45158

Mitre link : CVE-2024-45158

CVE.ORG link : CVE-2024-45158

JSON object : View

Products Affected

arm

mbed_tls

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2024-45158", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-05T19:15:13.057", "references": [{"url": "https://github.com/Mbed-TLS/mbedtls/releases/", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)"}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Mbed TLS 3.6 anterior a 3.6.1. Puede producirse un desbordamiento del b\u00fafer de pila en mbedtls_ecdsa_der_to_raw() y mbedtls_ecdsa_raw_to_der() cuando el par\u00e1metro bits es mayor que la curva admitida m\u00e1s grande. En algunas configuraciones con PSA deshabilitado, todos los valores de bits se ven afectados. (Esto nunca sucede en llamadas de librer\u00eda internas, pero puede afectar a las aplicaciones que llaman a estas funciones directamente)."}], "lastModified": "2025-05-16T20:17:39.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B998962-F742-4166-ADDB-99929385B276"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}