CVE-2024-45157

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45157
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45157.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45157
Published
2024-09-05T19:15:12Z
Modified
2024-09-07T02:20:47.102214Z
Summary
[none]
Details

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

Affected packages

Alpine:v3.17 / mbedtls

Package

Name
mbedtls
Purl
pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.28.9-r0

Affected versions

2.*

2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.2-r0
2.28.3-r0
2.28.4-r0
2.28.5-r0
2.28.7-r0
2.28.8-r0

Alpine:v3.18 / mbedtls

Package

Name
mbedtls
Purl
pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.28.9-r0

Affected versions

2.*

2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.4-r0
2.28.5-r0
2.28.7-r0
2.28.8-r0

Alpine:v3.19 / mbedtls

Package

Name
mbedtls
Purl
pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2.28.9-r0

Affected versions

2.*

2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.3-r2
2.28.3-r3
2.28.4-r0
2.28.5-r0
2.28.6-r0
2.28.7-r0
2.28.8-r0

Alpine:v3.20 / mbedtls

Package

Name
mbedtls
Purl
pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
3.6.1-r0

Affected versions

2.*

2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.3-r2
2.28.3-r3
2.28.4-r0
2.28.5-r0
2.28.6-r0
2.28.7-r0
2.28.8-r0

3.*

3.6.0-r0

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

beta-oob-2
list
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2

mbedos-16.*

mbedos-16.01-release
mbedos-16.03-release

mbedtls-1.*

mbedtls-1.3.10
mbedtls-1.4-dtls-preview

mbedtls-2.*

mbedtls-2.0.0
mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.2
mbedtls-2.10.0
mbedtls-2.11.0
mbedtls-2.12.0
mbedtls-2.13.0
mbedtls-2.13.1
mbedtls-2.14.0
mbedtls-2.15.0
mbedtls-2.15.1
mbedtls-2.16.0
mbedtls-2.17.0
mbedtls-2.18.0
mbedtls-2.19.0
mbedtls-2.19.0d1
mbedtls-2.19.0d2
mbedtls-2.19.1
mbedtls-2.2.0
mbedtls-2.2.1
mbedtls-2.20.0
mbedtls-2.20.0d0
mbedtls-2.20.0d1
mbedtls-2.21.0
mbedtls-2.22.0
mbedtls-2.22.0d0
mbedtls-2.23.0
mbedtls-2.24.0
mbedtls-2.25.0
mbedtls-2.26.0
mbedtls-2.27.0
mbedtls-2.28.0
mbedtls-2.28.1
mbedtls-2.28.2
mbedtls-2.28.3
mbedtls-2.28.4
mbedtls-2.28.5
mbedtls-2.28.6
mbedtls-2.28.7
mbedtls-2.28.8
mbedtls-2.3.0
mbedtls-2.4.0
mbedtls-2.5.0
mbedtls-2.5.1
mbedtls-2.6.0
mbedtls-2.6.0-rc1
mbedtls-2.7.0
mbedtls-2.7.0-rc1
mbedtls-2.8.0
mbedtls-2.8.0-rc1
mbedtls-2.9.0

polarssl-1.*

polarssl-1.2.0
polarssl-1.2.1
polarssl-1.2.2
polarssl-1.2.3
polarssl-1.2.4
polarssl-1.2.5
polarssl-1.2.6
polarssl-1.3.0
polarssl-1.3.0-rc0
polarssl-1.3.1
polarssl-1.3.2
polarssl-1.3.3
polarssl-1.3.4
polarssl-1.3.5
polarssl-1.3.6
polarssl-1.3.7
polarssl-1.3.8
polarssl-1.3.9

v2.*

v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.28.1
v2.28.2
v2.28.3
v2.28.4
v2.28.5
v2.28.6
v2.28.7
v2.28.8

yotta-2.*

yotta-2.2.1
yotta-2.2.2
yotta-2.2.3
yotta-2.3.0
yotta-2.3.1