An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtlsmpiexp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
{ "binaries": [ { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedcrypto0" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedtls-dev" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedtls10" }, { "binary_version": "2.2.1-2ubuntu0.3", "binary_name": "libmbedx509-0" } ] }
{ "binaries": [ { "binary_version": "2.16.4-1ubuntu2", "binary_name": "libmbedcrypto3" }, { "binary_version": "2.16.4-1ubuntu2", "binary_name": "libmbedtls-dev" }, { "binary_version": "2.16.4-1ubuntu2", "binary_name": "libmbedtls12" }, { "binary_version": "2.16.4-1ubuntu2", "binary_name": "libmbedx509-0" } ] }