CVE-2024-45158

9.8 CRITICAL

📋 TL;DR

A stack buffer overflow vulnerability in Mbed TLS 3.6 allows attackers to execute arbitrary code or cause denial of service when applications directly call the affected ECDSA conversion functions with invalid parameters. This affects applications using Mbed TLS 3.6 with PSA disabled or when calling mbedtls_ecdsa_der_to_raw()/mbedtls_ecdsa_raw_to_der() directly.

💻 Affected Systems

Products:
  • Mbed TLS
Versions: 3.6.0
Operating Systems: All platforms running Mbed TLS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when PSA is disabled or when applications directly call the affected functions with invalid bits parameter values.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash causing denial of service, potentially leading to service disruption.

🟢 If Mitigated: No impact if applications don't call affected functions directly or use proper input validation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to control the bits parameter passed to the affected functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.1

Vendor Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

Restart Required: Yes

Instructions:

1. Download Mbed TLS 3.6.1 from official repository.
2. Replace vulnerable 3.6.0 installation.
3. Recompile and relink applications.
4. Restart affected services.

🔧 Temporary Workarounds

Disable vulnerable functions

all

Avoid calling mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() directly in application code.

Enable PSA configuration

all

Configure Mbed TLS with PSA enabled (MBEDTLS_PSA_CRYPTO_C) to mitigate vulnerability in some configurations.

# In mbedtls_config.h:
#define MBEDTLS_PSA_CRYPTO_C

🧯 If You Can't Patch

  • Implement input validation to ensure the bits parameter does not exceed the maximum supported curve size before calling the affected functions.
  • Isolate affected applications in network segments with restricted access.
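
One way to implement the input validation from the first bullet, as an added example (not code from Mbed TLS or from this advisory). `APP_MAX_CURVE_BITS`, `guard_check_bits`, `guarded_raw_to_der` and `demo_convert` are hypothetical names; the 521-bit limit is an assumption and must match the largest curve enabled in your build.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: largest ECC curve enabled in this build, in bits. In a real
 * build, derive it from the library configuration instead of hard-coding. */
#define APP_MAX_CURVE_BITS 521u

enum { GUARD_OK = 0, GUARD_ERR_BITS = -1, GUARD_ERR_LENGTH = -2 };

/* Parameter list shared by mbedtls_ecdsa_raw_to_der() and
 * mbedtls_ecdsa_der_to_raw(): (bits, in, in_len, out, out_size, out_len). */
typedef int (*ecdsa_conv_fn)(size_t, const unsigned char *, size_t,
                             unsigned char *, size_t, size_t *);

/* Reject bits values larger than any curve this build supports. */
int guard_check_bits(size_t bits)
{
    return (bits == 0 || bits > APP_MAX_CURVE_BITS) ? GUARD_ERR_BITS : GUARD_OK;
}

/* Hypothetical wrapper: validate first, then forward to the conversion. */
int guarded_raw_to_der(ecdsa_conv_fn convert, size_t bits,
                       const unsigned char *raw, size_t raw_len,
                       unsigned char *der, size_t der_size, size_t *der_len)
{
    if (guard_check_bits(bits) != GUARD_OK)
        return GUARD_ERR_BITS;
    /* A raw signature is r || s, each ceil(bits / 8) bytes long. */
    if (raw == NULL || raw_len != 2 * ((bits + 7u) / 8u))
        return GUARD_ERR_LENGTH;
    return convert(bits, raw, raw_len, der, der_size, der_len);
}

/* Constructed stand-in so the block runs without the library; it only
 * counts calls. Pass mbedtls_ecdsa_raw_to_der in a real application. */
static int calls;
int demo_convert(size_t bits, const unsigned char *in, size_t in_len,
                 unsigned char *out, size_t out_size, size_t *out_len)
{
    (void) bits; (void) in; (void) in_len; (void) out; (void) out_size;
    calls++;
    *out_len = 0;
    return 0;
}

int main(void)
{
    unsigned char raw[64] = {0}, der[80];
    size_t n = 0;
    printf("256: %d\n", guarded_raw_to_der(demo_convert, 256, raw, 64, der, sizeof der, &n));
    printf("4096: %d\n", guarded_raw_to_der(demo_convert, 4096, raw, 64, der, sizeof der, &n));
    return 0;
}
```

The same `guard_check_bits()` call belongs in front of any direct use of mbedtls_ecdsa_der_to_raw(), since both functions take the bits value as their first parameter.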

🔍 How to Verify

Check if Vulnerable:

Check whether the application uses Mbed TLS 3.6.0 and calls mbedtls_ecdsa_der_to_raw() or mbedtls_ecdsa_raw_to_der() directly.

Check Version:

strings /path/to/libmbedtls.so | grep 'Mbed TLS' || mbedtls_version

Verify Fix Applied:

Verify that the Mbed TLS version is 3.6.1 or higher using the version check command.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Stack overflow errors in application logs
  • Unexpected termination of TLS-related services

Network Indicators:

  • Failed TLS handshakes
  • Unexpected connection resets during ECDSA operations

SIEM Query:

event.category:process AND process.name:(your_app_name) AND event.outcome:failure AND error.message:("*segmentation fault*" OR "*stack overflow*")
