Homepage
About Snyk

Buffer Underflow Affecting armmbed/mbedtls package, versions [3.5.0,3.6.2)

Severity

 Recommended
0.0
critical
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-UNMANAGED-ARMMBEDMBEDTLS-8235242
  • published 21 Oct 2024
  • disclosed 15 Oct 2024
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 15 Oct 2024

CVE-2024-49195 Open this link in a new tab
CWE-124 Open this link in a new tab

How to fix?

Upgrade armmbed/mbedtls to version 3.6.2 or higher.

Overview

Affected versions of this package are vulnerable to Buffer Underflow in the mbedtls_pk_write_key_der() and mbedtls_pk_write_key_pem() functions when processing data from an opaque key PK context (MBEDTLS_PK_OPAQUE), when the MBEDTLS_USE_PSA_CRYPTO option is in use. An attacker can cause stack or heap corruption by supplying a malicious key pair.

mbedtls_pk_write_key_der() is vulnerable if either the MBEDTLS_ECP_C option is enabled and the output buffer in use is smaller than the public key representation, or the output buffer for an RSA key is smaller than the actual output.

mbedtls_pk_write_key_pem() is vulnerable if MBEDTLS_MPI_MAX_SIZE <= 420 for an RSA key.

Workaround

This vulnerability can be avoided by disabling the compile-time MBEDTLS_USE_PSA_CRYPTO option.

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
9.2 critical
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    Present
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    High
  • Integrity (VI)
    High
  • Availability (VA)
    High
  • Confidentiality (SC)
    None
  • Integrity (SI)
    None
  • Availability (SA)
    None