The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade armmbed/mbedtls to version 3.6.1 or higher.
Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the mbedtls_ecdsa_der_to_raw and mbedtls_ecdsa_raw_to_der functions. Both functions accept a bits parameter giving the declared bit-size of the curve; if a caller passes a value larger than the largest curve supported by the build, the functions write past a fixed-size stack buffer. An attacker who can influence that value can cause a denial of service or potentially execute arbitrary code.
Notes:
This is only exploitable if PSA (Platform Security Architecture) is disabled.
The attacker needs to control the declared curve bit-size (the bits parameter), not just the buffer size and content, so applications that always pass the bit-size of a fixed, supported curve are not exposed.
The issue is mitigated if MBEDTLS_PSA_CRYPTO_C is enabled and the calling code first ensures that the bits parameter is the bit-size of a curve that is supported in the build of Mbed TLS. Validating bits before the call is the recommended defence until the upgrade to 3.6.1 is possible.
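To make the caller-side check concrete, the following is an added example (not Mbed TLS code and not taken from the advisory) of an ECDSA DER-to-raw conversion written in the same shape as mbedtls_ecdsa_der_to_raw: a fixed stack buffer sized for the largest supported curve, and a bits parameter supplied by the caller. The names MAX_CURVE_BITS, ecdsa_der_to_raw_checked and the demo_* helpers are assumptions for illustration, as is the choice of 521 as the largest supported curve size; the sample DER signature is constructed by hand. The point it demonstrates is the guard that the advisory says must exist: reject bits above the build's maximum before anything is written to the stack buffer.

```c
/* Added illustrative example, not Mbed TLS code. Converts a DER-encoded ECDSA
 * signature SEQUENCE { INTEGER r, INTEGER s } into fixed-width raw r||s. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_CURVE_BITS  521                        /* assumed largest supported curve */
#define MAX_COORD_BYTES ((MAX_CURVE_BITS + 7) / 8) /* 66 bytes per coordinate */

enum { OK = 0, ERR_BAD_BITS = -1, ERR_BAD_DER = -2, ERR_SMALL_OUT = -3 };

/* Parse one short-form DER INTEGER at *p and copy its magnitude, right-aligned
 * and zero-padded, into out[coord_len]. Rejects negative values and values that
 * do not fit in coord_len bytes. Advances *p past the INTEGER on success. */
static int der_int_to_fixed(const uint8_t **p, const uint8_t *end,
                            uint8_t *out, size_t coord_len)
{
    if (end - *p < 2 || (*p)[0] != 0x02) return ERR_BAD_DER;
    size_t len = (*p)[1];
    if (len == 0 || len >= 0x80) return ERR_BAD_DER;   /* long form not needed here */
    const uint8_t *v = *p + 2;
    if ((size_t)(end - v) < len) return ERR_BAD_DER;
    if (v[0] & 0x80) return ERR_BAD_DER;               /* negative integer */
    if (len > 1 && v[0] == 0x00) { v++; len--; }       /* strip DER sign padding */
    if (len > coord_len) return ERR_BAD_DER;           /* r or s too large for curve */
    memset(out, 0, coord_len);
    memcpy(out + coord_len - len, v, len);
    *p = v + len;
    return OK;
}

/* DER -> raw with the bits check applied before the stack buffer is touched.
 * Without the first 'if', a bits value above MAX_CURVE_BITS would make
 * coord_len exceed sizeof(coord) and overflow the stack. */
int ecdsa_der_to_raw_checked(size_t bits, const uint8_t *der, size_t der_len,
                             uint8_t *raw, size_t raw_size, size_t *raw_len)
{
    if (bits == 0 || bits > MAX_CURVE_BITS) return ERR_BAD_BITS;
    size_t coord_len = (bits + 7) / 8;
    uint8_t coord[MAX_COORD_BYTES];            /* fixed-size stack buffer */

    const uint8_t *p = der, *end = der + der_len;
    if (der_len < 2 || p[0] != 0x30 || p[1] >= 0x80) return ERR_BAD_DER;
    if ((size_t)(end - (p + 2)) != p[1]) return ERR_BAD_DER;
    p += 2;
    if (raw_size < 2 * coord_len) return ERR_SMALL_OUT;

    for (int i = 0; i < 2; i++) {              /* r then s */
        int rc = der_int_to_fixed(&p, end, coord, coord_len);
        if (rc != OK) return rc;
        memcpy(raw + (size_t)i * coord_len, coord, coord_len);
    }
    if (p != end) return ERR_BAD_DER;          /* trailing garbage */
    *raw_len = 2 * coord_len;
    return OK;
}

/* Constructed sample: SEQUENCE { INTEGER 0x7f, INTEGER 0x80 } (s needs a 0x00 pad). */
static const uint8_t SAMPLE_DER[] = { 0x30, 0x07, 0x02, 0x01, 0x7f, 0x02, 0x02, 0x00, 0x80 };

/* Convert the sample for a caller-declared bit size; returns raw length or 0 on error. */
size_t demo_raw_len(size_t bits)
{
    uint8_t raw[2 * MAX_COORD_BYTES];
    size_t n = 0;
    int rc = ecdsa_der_to_raw_checked(bits, SAMPLE_DER, sizeof SAMPLE_DER, raw, sizeof raw, &n);
    return rc == OK ? n : 0;
}

/* Byte idx of the converted sample, or -1 on error / out of range. */
int demo_raw_byte(size_t bits, size_t idx)
{
    uint8_t raw[2 * MAX_COORD_BYTES];
    size_t n = 0;
    int rc = ecdsa_der_to_raw_checked(bits, SAMPLE_DER, sizeof SAMPLE_DER, raw, sizeof raw, &n);
    return (rc == OK && idx < n) ? raw[idx] : -1;
}

int main(void)
{
    printf("bits=256 -> raw len %zu\n", demo_raw_len(256));   /* 64 */
    printf("bits=4096 -> raw len %zu (rejected)\n", demo_raw_len(4096)); /* 0 */
    return 0;
}
```

The hardened behaviour is the early return on bits > MAX_CURVE_BITS: a declared size of 4096 bits would otherwise set coord_len to 512 while coord holds 66 bytes. The same guard belongs in any caller that passes an attacker-influenced curve size to the real Mbed TLS functions on an unpatched build, which is what the advisory's "ensure bits is a supported curve size" note amounts to.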