Mbed TLS 3.6.0 Stack Buffer Overflow in ECDSA Signature Conversion (CVE-2024-45158)

From this webpage screenshot, we can extract the following key information about the vulnerability: 1. Vulnerability Description: - Title: Stack buffer overflow in ECDSA signature conversion functions - CVE ID: CVE-2024-45158 - Date: 30 August 2024 - Affected Version: Mbed TLS 3.6.0 - Severity: High 2. Vulnerability Details: - In Mbed TLS 3.6.0, the functions and do not properly validate their parameter. If the value of this parameter exceeds the bit length of the largest supported curve, these functions may overflow a stack-based buffer, copying content from the input parameter. - When is enabled, the maximum safe value for is the size of the largest curve supported by the PSA API. All curves supported by PSA API (e.g., in , , , , ) are also supported by PSA API, so any curve supported in Mbed TLS is safe. However, if the code does not ensure that corresponds to a supported curve, it remains vulnerable. - When is disabled, in certain configurations, these functions internally use a 0-byte buffer. If not detected at compile time, these functions will cause internal buffer overflows for all valid inputs. These functions are declared in and were originally intended for use with the PSA API, but they are not excluded from builds without PSA. 3. Impact: - Applications calling or functions may suffer from stack buffer overflow if the input is controlled by an attacker. The attacker can choose the content. Note that to trigger the attack, the attacker must control the declared curve bit length, not just the buffer size and content. 4. Solution: - Affected users should upgrade to Mbed TLS 3.6.1. 5. Workarounds: - In Mbed TLS 3.6.0, if is enabled and the calling code ensures that the parameter corresponds to a supported curve bit length, the code is safe. This information provides a detailed description of the vulnerability's nature, impact, and remediation, helping users identify and fix the issue.

Goal Reached Thanks to every supporter — we hit 100%!

Mbed TLS 3.6.0 Stack Buffer Overflow in ECDSA Signature Conversion (CVE-2024-45158)