Mbed-TLS.mbedtls is vulnerable to Stack-based Buffer Overflow
High Risk
In Mbed TLS 3.6.0, the functions mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() are vulnerable to a stack buffer overflow if the bits argument exceeds the maximum curve size, due to missing validation. When MBEDTLS_PSA_CRYPTO_C is disabled, these functions may use a zero-sized internal buffer, leading to overflows even with valid input. This affects applications that invoke these functions on attacker-controlled input, allowing an attacker to trigger a buffer overflow by manipulating the declared curve bit size.
You are affected if you are using a version that falls within the vulnerable range.
Mbed-TLS.mbedtls is vulnerable to Stack-based Buffer Overflow in version 3.6.0 (vulnerable range: 3.6.0 - 3.6.0).
Upgrade the Mbed-TLS.mbedtls library to a patched version.
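An added example, not Mbed TLS's own code: a simplified raw-to-DER conversion for an ECDSA signature, built in the same shape the advisory describes (a fixed-size stack buffer sized for the largest supported curve), with the bits bound check that the advisory says is missing. MAX_CURVE_BITS = 521 is assumed as the largest curve, the error convention is reduced to -1, and the sample signature is constructed, not a real one.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CURVE_BITS 521u                          /* assumed largest curve (P-521) */
#define MAX_COORD_BYTES ((MAX_CURVE_BITS + 7) / 8)   /* 66 bytes per coordinate */

/* Encode an unsigned big-endian integer as a DER INTEGER; returns bytes written or -1. */
static int der_int(const uint8_t *v, size_t n, uint8_t *out, size_t out_size) {
    while (n > 1 && v[0] == 0) { v++; n--; }         /* drop leading zero bytes */
    size_t pad = (v[0] & 0x80) ? 1 : 0;              /* keep the value positive */
    size_t len = n + pad;
    if (len > 127 || out_size < 2 + len) return -1;
    out[0] = 0x02; out[1] = (uint8_t)len;
    if (pad) out[2] = 0;
    memcpy(out + 2 + pad, v, n);
    return (int)(2 + len);
}

/* raw = r || s, each (bits+7)/8 bytes. The first check is the one the advisory says
   is missing: without it, coord can exceed what body[] was sized for. */
int ecdsa_raw_to_der_checked(size_t bits, const uint8_t *raw, size_t raw_len,
                             uint8_t *der, size_t der_size, size_t *der_len) {
    if (bits == 0 || bits > MAX_CURVE_BITS) return -1;   /* reject out-of-range curve size */
    size_t coord = (bits + 7) / 8;
    if (raw_len != 2 * coord) return -1;
    uint8_t body[2 * (MAX_COORD_BYTES + 3)];         /* stack buffer sized from the cap */
    int r = der_int(raw, coord, body, sizeof body);
    if (r < 0) return -1;
    int s = der_int(raw + coord, coord, body + r, sizeof body - r);
    if (s < 0) return -1;
    size_t body_len = (size_t)(r + s);
    size_t hdr = body_len < 128 ? 2 : 3;             /* short or long-form SEQUENCE length */
    if (der_size < hdr + body_len) return -1;
    der[0] = 0x30;
    if (hdr == 2) der[1] = (uint8_t)body_len; else { der[1] = 0x81; der[2] = (uint8_t)body_len; }
    memcpy(der + hdr, body, body_len);
    *der_len = hdr + body_len;
    return 0;
}

/* Constructed P-256 sample (not a real signature): r = 32 bytes of 0x01, s = 0x80 then zeros.
   Returns the DER length (71) when the encoding is as expected, 0 otherwise. */
size_t demo_p256(void) {
    uint8_t raw[64], der[80]; size_t n = 0;
    memset(raw, 0x01, 32); memset(raw + 32, 0, 32); raw[32] = 0x80;
    if (ecdsa_raw_to_der_checked(256, raw, sizeof raw, der, sizeof der, &n) != 0) return 0;
    return (der[0] == 0x30 && der[1] == 0x45 && der[38] == 0x00 && der[39] == 0x80) ? n : 0;
}
```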