CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

CVSS

No CVSS.

References

Link	Resource
https://github.com/Mbed-TLS/mbedtls/releases/	Release Notes
https://mbed-tls.readthedocs.io/en/latest/security-advisories/	Vendor Advisory
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:mbed_tls:3.6.0:*:*:*:*:*:*:*

History

16 May 2025, 20:17

Type	Values Removed	Values Added
First Time		Arm Arm mbed Tls
CPE		cpe:2.3:a:arm:mbed_tls:3.6.0:::::::*
References	~~() https://mbed-tls.readthedocs.io/en/latest/security-advisories/ -~~	() https://mbed-tls.readthedocs.io/en/latest/security-advisories/ - Vendor Advisory
References	~~() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ -~~	() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ - Vendor Advisory
References	~~() https://github.com/Mbed-TLS/mbedtls/releases/ -~~	() https://github.com/Mbed-TLS/mbedtls/releases/ - Release Notes

05 Sep 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-05 19:15

Updated : 2025-05-16 20:17

NVD link : CVE-2024-45158

Mitre link : CVE-2024-45158

JSON object : View

Products Affected

arm

mbed_tls

CWE

No CWE.

JSON object

Attach tags to CVE-2024-45158

Attach tags to `CVE-2024-45158`