PT-2024-31443 · Mbed Tls+1

Published: 2024-09-05 · Updated: 2025-04-09 · CVE-2024-45159

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mbed TLS versions 3.x before 3.6.1

Description

An issue was discovered in Mbed TLS with TLS 1.3, when a server enables optional authentication of the client. If the client-provided certificate does not have appropriate values in the keyUsage or extKeyUsage extensions, the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker who had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication.

Recommendations

For Mbed TLS versions 3.x before 3.6.1, update to version 3.6.1 or later to resolve the issue. As a temporary workaround, consider disabling optional client authentication for TLS 1.3 servers until the update is applied. Restrict access to mbedtls_ssl_get_verify_result() to minimize the risk of exploitation. Avoid using certificates without appropriate keyUsage or extKeyUsage extensions for TLS client authentication until the issue is resolved.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15509
ALT-PU-2025-4727
CVE-2024-45159

Affected Products

Alt Linux
Mbed Tls