PT-2017-15534 · Arm+2 · Mbed Tls+2

Published: 2015-12-04 · Updated: 2026-06-05 · CVE-2017-2784

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mbed TLS versions prior to 1.3.19
mbed TLS versions 2.x prior to 2.1.7
mbed TLS versions 2.4.x prior to 2.4.2

Description

A specially crafted X.509 certificate can cause an invalid free of a stack pointer when parsed by the mbed TLS library, potentially leading to remote code execution. An attacker can exploit this issue by delivering malicious X.509 certificates to vulnerable applications, either as a client or a server on a network.

Recommendations

For mbed TLS versions prior to 1.3.19, update to version 1.3.19 or later.
For mbed TLS versions 2.x prior to 2.1.7, update to version 2.1.7 or later.
For mbed TLS versions 2.4.x prior to 2.4.2, update to version 2.4.2 or later.

Exploit

Fix

RCE

Improper Certificate Validation

Weakness Enumeration

Related identifiers

ALT-PU-2015-2061
ALT-PU-2017-1347
CVE-2017-2784
MGASA-2017-0094
OPENSUSE-SU-2017:0790-1
OPENSUSE-SU-2017:0792-1
OPENSUSE-SU-2017_0790-1
OPENSUSE-SU-2024:11043-1

Affected products

Alt Linux
Suse
Mbed Tls