UBUNTU-CVE-2024-45158

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2024-45158

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-45158.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-45158

Related

CVE-2024-45158

Published

2024-09-05T19:15:00Z

Modified

2024-09-05T19:15:00Z

Summary

[none]

Details

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtlsecdsadertoraw() and mbedtlsecdsarawtoder() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

References

Affected packages

Ubuntu:Pro:16.04:LTS / mbedtls

Package

Name: mbedtls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.2-1

2.2.0-1

2.2.1-1

2.2.1-2

2.2.1-2ubuntu0.1

2.2.1-2ubuntu0.2

2.2.1-2ubuntu0.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / mbedtls

Package

Name: mbedtls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.1-1ubuntu1

2.6.0-1

2.7.0-2

2.8.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / mbedtls

Package

Name: mbedtls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.16.2-1

2.16.3-1

2.16.4-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / mbedtls

Package

Name: mbedtls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.16.9-0.1ubuntu1

2.16.11-0.1ubuntu1

2.16.11-0.3

2.28.0-1

2.28.0-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / mbedtls

Package

Name: mbedtls

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.28.3-1

2.28.6-1ubuntu1

2.28.7-1ubuntu1

2.28.7-1.1ubuntu1

2.28.8-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}