CVE-2024-45158

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45158

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45158.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45158

Related

UBUNTU-CVE-2024-45158

Published

2024-09-05T19:15:13Z

Modified

2024-09-07T02:26:26.374158Z

Summary

[none]

Details

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw() and mbedtlsecdsarawtoder() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

References

Affected packages

Alpine:v3.20 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.3-r2

2.28.3-r3

2.28.4-r0

2.28.5-r0

2.28.6-r0

2.28.7-r0

2.28.8-r0

3.*

3.6.0-r0

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type: GIT
Repo: https://github.com/mbed-tls/mbedtls
Events: Introduced

2ca6c285a0dd3f33982dd57299012dacab1ff206

Fixed

71c569d44bf3a8bd53d874c81ee8ac644dd6e9e3

CVE-2024-45158

Affected packages

Alpine:v3.20 / mbedtls

Package

Affected ranges

Affected versions

2.*

3.*

Git / github.com/mbed-tls/mbedtls

Affected ranges

Affected versions

mbedtls-3.*

v3.*