Peter Kolbus

**Name of the Vulnerable Software and Affected Versions** Mbed TLS versions prior to 2.25.0 Mbed TLS versions prior to 2.16.9 LTS Mbed TLS versions prior to 2.7.18 LTS **Description** The issue is related to the mbedtls mpi exp mod function in Mbed TLS, which lacks a limit on the size of data during calculations. This allows a remote attacker to cause a denial of service by supplying overly large parameters, particularly when generating Diffie-Hellman key pairs. **Recommendations** For Mbed TLS versions prior to 2.25.0, update to version 2.25.0 or later to resolve the issue. For Mbed TLS versions prior to 2.16.9 LTS, update to version 2.16.9 LTS or later to resolve the issue. For Mbed TLS versions prior to 2.7.18 LTS, update to version 2.7.18 LTS or later to resolve the issue. As a temporary workaround, consider restricting the size of parameters supplied to the `mbedtls mpi exp mod` function to prevent overly large inputs.