Mbed-TLS.mbedtls is vulnerable to Incorrect Behavior Order
50
Medium Risk
Affected versions of Mbed TLS document support for MBEDTLS_PSA_HMAC_DRBG_MD_TYPE but do not implement it, so the PSA subsystem always uses CTR_DRBG whenever MBEDTLS_CTR_DRBG_C is enabled, regardless of that setting. While both HMAC_DRBG and CTR_DRBG are cryptographically secure, CTR_DRBG may be more vulnerable to side-channel attacks in software implementations, potentially impacting users who explicitly prefer HMAC_DRBG for its stronger side-channel resistance.
You are affected if you are using a version that falls within the vulnerable range.
Mbed-TLS.mbedtls is vulnerable to Incorrect Behavior Order in versions 3.0.0 - 3.6.0 and 2.26.0 - 2.28.8.
Upgrade to a patched version, or as a workaround, disable the MBEDTLS_CTR_DRBG_C compile-time option to ensure that HMAC_DRBG is used as the pseudorandom generator in the PSA subsystem.
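The following shell audit is an added example and is not part of this advisory or of Mbed TLS. It reads an Mbed TLS configuration header, reports which generator the PSA subsystem will use on an affected version (CTR_DRBG whenever MBEDTLS_CTR_DRBG_C is active, as described above), and flags the case where MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is set but silently ignored. The two sample headers are constructed for the example; the value MBEDTLS_MD_SHA256 is an assumed digest choice.

```shell
#!/bin/sh
# Added example (not advisory or Mbed TLS code): audit an mbedtls_config.h
# for the DRBG that the PSA subsystem actually uses on affected versions.

# is_defined FILE MACRO -> exit 0 if FILE contains an active "#define MACRO".
# Commented-out lines such as "//#define MBEDTLS_CTR_DRBG_C" do not match.
is_defined() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|$)" "$1"
}

# psa_drbg_in_affected_versions FILE -> prints the generator selected by the
# affected versions' logic: CTR_DRBG takes priority over HMAC_DRBG, and
# MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is never consulted.
psa_drbg_in_affected_versions() {
    if is_defined "$1" MBEDTLS_CTR_DRBG_C; then
        echo CTR_DRBG
    elif is_defined "$1" MBEDTLS_HMAC_DRBG_C; then
        echo HMAC_DRBG
    else
        echo NONE
    fi
}

# check_config FILE -> OK, or WARN when HMAC_DRBG was requested via
# MBEDTLS_PSA_HMAC_DRBG_MD_TYPE but CTR_DRBG would still be used.
check_config() {
    if is_defined "$1" MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && is_defined "$1" MBEDTLS_CTR_DRBG_C; then
        echo "WARN: MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is set but MBEDTLS_CTR_DRBG_C is enabled; PSA will use CTR_DRBG"
    else
        echo OK
    fi
}

tmp=$(mktemp -d)
# Constructed sample: HMAC_DRBG requested, but CTR_DRBG still compiled in.
cat > "$tmp/before.h" <<'EOF'
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
EOF
# Constructed sample: the advisory's workaround applied (CTR_DRBG disabled).
cat > "$tmp/after.h" <<'EOF'
//#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
EOF

echo "before: $(psa_drbg_in_affected_versions "$tmp/before.h") - $(check_config "$tmp/before.h")"
echo "after:  $(psa_drbg_in_affected_versions "$tmp/after.h") - $(check_config "$tmp/after.h")"
```

Point the functions at your project's real mbedtls_config.h to confirm the workaround took effect before rebuilding.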