PT-2017-15534 · Arm+2 · Mbed Tls+2

Published

2015-12-04

·

Updated

2026-06-05

·

CVE-2017-2784

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

mbed TLS versions prior to 1.3.19
mbed TLS versions 2.x prior to 2.1.7
mbed TLS versions 2.4.x prior to 2.4.2

Description

A specially crafted X.509 certificate causes an invalid free of a stack pointer when the mbed TLS library parses it. The resulting memory corruption can potentially be turned into remote code execution. No privileges or user interaction are required, but the attacker must be in a position to present the certificate during a TLS handshake: as a malicious server to a vulnerable client, or as a malicious client to a vulnerable server that requests client certificates. Because the fault is in parsing, the certificate is processed before its signature chain is verified, so it does not need to be issued by a CA the target trusts.

Recommendations

For mbed TLS versions prior to 1.3.19, update to version 1.3.19 or later. For mbed TLS versions 2.x prior to 2.1.7, update to version 2.1.7 or later. For mbed TLS versions 2.4.x prior to 2.4.2, update to version 2.4.2 or later. mbed TLS is frequently vendored and statically linked into embedded firmware and applications rather than installed as a distribution package, so check the version string of every vendored copy, not only the system library.
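The affected ranges above are spread across three release branches, which makes a quick manual check error-prone. The following is an added example, not part of the advisory or of the mbed TLS project: a small Python checker that maps a version string onto the page's fixed releases and extracts that string from a vendored copy of the library's version header. The `SAMPLE_HEADER` content is constructed here for illustration. Two points are assumptions rather than statements from the page: the 2.2.x and 2.3.x branches are reported as vulnerable because no fixed release is listed for them, and 2.5 and later are treated as fixed because they were released after 2.4.2.

```python
import re

# Fixed releases named in the advisory's recommendations.
FIXED_1_3 = (1, 3, 19)
FIXED_2_1 = (2, 1, 7)
FIXED_2_4 = (2, 4, 2)


def parse_version(version):
    """Parse 'major.minor.patch' into a tuple of ints; raise ValueError otherwise."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised mbed TLS version: %r" % version)
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """Return True if this mbed TLS version is affected by CVE-2017-2784.

    Ranges follow the advisory: anything before 1.3.19, 2.x before 2.1.7,
    and 2.4.x before 2.4.2. Assumption (not stated on the page): the 2.2.x and
    2.3.x branches have no fixed release listed, so they are reported as
    vulnerable; 2.5 and later were released after 2.4.2 and are treated as fixed.
    """
    v = parse_version(version)
    major, minor, _ = v
    if major < 2:
        return v < FIXED_1_3
    if major == 2:
        if minor <= 1:
            return v < FIXED_2_1
        if minor in (2, 3):
            return True  # assumption: no fixed release exists for these branches
        if minor == 4:
            return v < FIXED_2_4
        return False
    return False


# 2.x trees define MBEDTLS_VERSION_STRING in include/mbedtls/version.h;
# 1.3.x trees still use the POLARSSL_ prefix in include/polarssl/version.h.
VERSION_DEFINE = re.compile(
    r'^\s*#define\s+(?:MBEDTLS|POLARSSL)_VERSION_STRING\s+"([^"]+)"', re.M
)


def version_from_header(header_text):
    """Extract the library version string from the text of version.h."""
    m = VERSION_DEFINE.search(header_text)
    if not m:
        raise ValueError("version string macro not found")
    return m.group(1)


# Constructed sample of the relevant lines from a vendored 2.x version.h.
SAMPLE_HEADER = '''
#define MBEDTLS_VERSION_MAJOR  2
#define MBEDTLS_VERSION_MINOR  4
#define MBEDTLS_VERSION_PATCH  1
#define MBEDTLS_VERSION_NUMBER         0x02040100
#define MBEDTLS_VERSION_STRING         "2.4.1"
#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.4.1"
'''


def check_tree(header_text):
    """Return (version, vulnerable) for a vendored tree's version header."""
    version = version_from_header(header_text)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    for v in ("1.3.18", "1.3.19", "2.1.6", "2.1.7", "2.4.1", "2.4.2", "2.3.0", "2.16.0"):
        print(v, "VULNERABLE" if is_vulnerable(v) else "fixed")
    print(check_tree(SAMPLE_HEADER))
```

To audit a firmware or application source tree, read each `version.h` found under a vendored `mbedtls` or `polarssl` directory and pass its contents to `check_tree`; the boundary cases (1.3.19, 2.1.7, 2.4.2) are reported as fixed, while the release immediately below each is reported as vulnerable.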

Exploit

Fix

RCE

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2061
ALT-PU-2017-1347
CVE-2017-2784
MGASA-2017-0094
OPENSUSE-SU-2017:0790-1
OPENSUSE-SU-2017:0792-1
OPENSUSE-SU-2024:11043-1

Affected Products

Alt Linux
Suse
Mbed Tls