PT-2024-31442 · Mbed TLS · Mbed TLS

Published: 2024-09-05 · Updated: 2025-05-16 · CVE-2024-45158

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.6 through 3.6.0

Description: A stack buffer overflow can occur in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. This issue can affect applications that call these functions directly.

Recommendations: For Mbed TLS versions 3.6 through 3.6.0, update to version 3.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() functions to minimize the risk of exploitation. Avoid passing bits parameter values larger than the largest supported curve to these functions until the issue is resolved.
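The defect class described above is a fixed-size stack buffer whose fill length is derived from the caller-supplied bits parameter without first bounding it. The following standalone C example, added here and not taken from Mbed TLS, shows the defensive shape a caller-side wrapper or conversion routine should have: validate bits against the largest supported curve before any buffer is sized from it, and check every output length. The encoder is a constructed raw-to-DER (r||s to ECDSA-Sig-Value) routine; the limit MAX_CURVE_BITS = 521 and the function names raw_to_der, bits_supported and encode_sample are assumptions for this example (Mbed TLS exposes its own limit as MBEDTLS_ECP_MAX_BITS).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this constructed encoder (largest curve it supports). */
#define MAX_CURVE_BITS   521
#define BITS_TO_BYTES(b) (((b) + 7) / 8)
#define MAX_COORD_BYTES  BITS_TO_BYTES(MAX_CURVE_BITS)   /* 66 octets */

enum { ENC_OK = 0, ENC_ERR_BAD_INPUT = -1, ENC_ERR_BUFFER_TOO_SMALL = -2 };

/* The guard the advisory implies: bits must be bounded before any stack buffer
 * index or length is computed from it. */
int bits_supported(size_t bits)
{
    return bits >= 1 && bits <= MAX_CURVE_BITS;
}

/* Write one DER INTEGER for the unsigned big-endian value val[0..len).
 * Leading zero octets are stripped; a 0x00 pad is prepended when the top bit
 * is set so the value stays non-negative. Content length is < 128 here, so the
 * short-form length octet is always sufficient. */
static int der_write_uint(const uint8_t *val, size_t len,
                          uint8_t *out, size_t out_size, size_t *written)
{
    if (len == 0) return ENC_ERR_BAD_INPUT;
    while (len > 1 && val[0] == 0) { val++; len--; }
    size_t pad = (val[0] & 0x80) ? 1 : 0;
    size_t content = len + pad;
    if (out_size < 2 + content) return ENC_ERR_BUFFER_TOO_SMALL;
    out[0] = 0x02;
    out[1] = (uint8_t) content;
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, val, len);
    *written = 2 + content;
    return ENC_OK;
}

/* Convert raw r||s (each BITS_TO_BYTES(bits) octets) into DER
 * SEQUENCE { INTEGER r, INTEGER s }. Returns ENC_OK or a negative code. */
int raw_to_der(size_t bits, const uint8_t *raw, size_t raw_len,
               uint8_t *der, size_t der_size, size_t *der_len)
{
    if (!bits_supported(bits)) return ENC_ERR_BAD_INPUT;   /* reject first */
    size_t coord = BITS_TO_BYTES(bits);
    if (raw_len != 2 * coord) return ENC_ERR_BAD_INPUT;    /* no over-read */

    /* Stack scratch sized for the largest supported curve. This is only safe
     * because coord <= MAX_COORD_BYTES was enforced above. */
    uint8_t body[2 * (2 + MAX_COORD_BYTES + 1)];
    size_t n_r, n_s;
    int rc = der_write_uint(raw, coord, body, sizeof body, &n_r);
    if (rc != ENC_OK) return rc;
    rc = der_write_uint(raw + coord, coord, body + n_r, sizeof body - n_r, &n_s);
    if (rc != ENC_OK) return rc;

    size_t body_len = n_r + n_s;                 /* up to 138 octets */
    size_t hdr = body_len < 128 ? 2 : 3;         /* long-form length if >= 128 */
    if (der_size < hdr + body_len) return ENC_ERR_BUFFER_TOO_SMALL;
    der[0] = 0x30;
    if (hdr == 2) {
        der[1] = (uint8_t) body_len;
    } else {
        der[1] = 0x81;
        der[2] = (uint8_t) body_len;
    }
    memcpy(der + hdr, body, body_len);
    *der_len = hdr + body_len;
    return ENC_OK;
}

/* Constructed sample signature for a given curve size: r and s both have the
 * top bit of their first octet set, so each INTEGER needs a 0x00 pad. */
int encode_sample(size_t bits, uint8_t *der, size_t der_size, size_t *der_len)
{
    uint8_t raw[2 * MAX_COORD_BYTES];
    if (!bits_supported(bits)) return ENC_ERR_BAD_INPUT;   /* keeps raw[] in bounds */
    size_t coord = BITS_TO_BYTES(bits);
    memset(raw, 0, sizeof raw);
    raw[0] = 0x80;        /* r */
    raw[coord] = 0x80;    /* s */
    return raw_to_der(bits, raw, 2 * coord, der, der_size, der_len);
}

int main(void)
{
    uint8_t der[160];
    size_t n = 0;
    int rc = encode_sample(256, der, sizeof der, &n);
    printf("rc=%d len=%zu first bytes: %02x %02x %02x %02x\n",
           rc, n, der[0], der[1], der[2], der[3]);
    printf("bits=1024 supported: %d\n", bits_supported(1024));
    return 0;
}
```

For a 256-bit curve the sample encodes to 72 octets with a short-form SEQUENCE length; for 521 bits the body reaches 138 octets and the long-form length (0x81 0x8A) is emitted. A request for 1024 bits is refused before any buffer is touched, which is the behaviour a caller of the affected Mbed TLS functions should enforce on its own side until upgraded to 3.6.1 or later.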

Fix

Weakness Enumeration: Stack Overflow

Related Identifiers: CVE-2024-45158

Affected Products: Mbed TLS