CVE-2024-45158

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45158
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45158.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45158
Related
Published
2024-09-05T19:15:13Z
Modified
2024-10-08T04:25:57.142051Z
Summary
[none]
Details

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw() and mbedtlsecdsarawtoder() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

References

Affected packages

Alpine:v3.20 / mbedtls

Package

Name
mbedtls
Purl
pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.1-r0

Affected versions

2.*

2.0.0-r0
2.1.2-r0
2.2.0-r0
2.2.0-r1
2.2.1-r0
2.3.0-r0
2.4.0-r0
2.4.1-r0
2.4.2-r0
2.5.1-r0
2.6.0-r0
2.6.1-r0
2.7.0-r0
2.11.0-r0
2.12.0-r0
2.14.1-r0
2.16.0-r0
2.16.1-r0
2.16.1-r1
2.16.2-r0
2.16.3-r0
2.16.5-r0
2.16.6-r0
2.16.8-r0
2.16.9-r0
2.16.10-r0
2.16.10-r1
2.16.12-r0
2.16.12-r1
2.28.0-r0
2.28.1-r0
2.28.1-r1
2.28.2-r0
2.28.3-r0
2.28.3-r1
2.28.3-r2
2.28.3-r3
2.28.4-r0
2.28.5-r0
2.28.6-r0
2.28.7-r0
2.28.8-r0

3.*

3.6.0-r0

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events

Affected versions

mbedtls-3.*

mbedtls-3.6.0

v3.*

v3.6.0