CVE-2024-45158

Source
https://cve.org/CVERecord?id=CVE-2024-45158
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45158.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45158
Downstream
Published
2024-09-05T00:00:00Z
Modified
2026-07-07T08:53:04.397186299Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw() and mbedtlsecdsarawtoder() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45158.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.6"
        },
        {
            "fixed": "3.6.1"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.6.0"
        }
    ],
    "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:3.6.0:*:*:*:*:*:*:*",
    "source": [
        "DESCRIPTION",
        "CPE_STRING"
    ]
}

Affected versions

3.*
3.6.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45158.json"