Upstream information

CVE-2024-45158 at MITRE

Description

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having critical severity.

SUSE Bugzilla entry: 1230311 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Thu Sep 5 22:00:24 2024
CVE page last modified: Wed Nov 27 13:59:44 2024