CVE-2024-45158

9.8 CRITICAL

An issue was discovered in Mbed TLS 3.6 before 3.6.1

Published: 2024-09-05 · Last updated: 2026-06-05

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121

Affected products

Vendor	Product
trustedfirmware	mbed_tls

Description

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2024-45158
[Other]https://github.com/Mbed-TLS/mbedtls/releases/
[Vendor advisory]https://mbed-tls.readthedocs.io/en/latest/security-advisories/
[Vendor advisory]https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

Related CVEs

Same vendor

CVE-2026-45702 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.4 MEDIUM)
CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)
CVE-2026-40290 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.8 HIGH)
CVE-2026-33662 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.5 HIGH)
CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (8.7 HIGH)

Same CWE

CVE-2025-7019 — Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivir... (5.5 MEDIUM)
CVE-2026-49760 — Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
CVE-2026-49759 — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
CVE-2026-26241 — A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)
CVE-2026-26240 — A buffer overflow vulnerability has been reported to affect File Station 5 (9.1 CRITICAL)