CVE-2024-45158
Description
Stack buffer overflow in Mbed TLS 3.6.0 ECDSA signature conversion functions when bits parameter exceeds supported curve size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
This issue affects Mbed TLS version 3.6.0. The functions mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() do not correctly validate their bits argument [2]. If the argument exceeds the bit-length of the largest supported curve, these functions may overflow a stack buffer with content copied from the input parameter. When MBEDTLS_PSA_CRYPTO_C is disabled, all values of bits are affected in some configurations, because the internal buffer may be zero-sized [2].
Exploitation
An attacker needs to call one of the affected functions directly with a controlled bits parameter larger than the largest supported curve [2]. The attacker must also control the buffer content or size that gets copied. These functions are declared in mbedtls/psa_util.h and were intended for use with the PSA API [2]. Internal library calls are safe; only direct application calls are vulnerable [2].
Impact
Successful exploitation leads to a stack buffer overflow with attacker-chosen content [2]. The attacker may overwrite stack data, potentially leading to arbitrary code execution, information disclosure, or denial of service. The CVSS severity is High [2].
Mitigation
Users should upgrade to Mbed TLS 3.6.1, which fixes the issue [1][2]. A workaround is to ensure that MBEDTLS_PSA_CRYPTO_C is enabled and to validate the bits parameter against a supported curve before calling the functions [2]. If upgrading is not possible, avoid passing attacker-controlled bits values.
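The `bits` validation described in the workaround could be wrapped as below. This is an added example, not code from Mbed TLS or the advisory: the allow-list of curve sizes, the error codes and the `demo_conv` stand-in are assumptions, and the function-pointer type mirrors the prototypes declared in mbedtls/psa_util.h so the file builds without the library.

```c
#include <stddef.h>

/* Mirrors the parameter list of mbedtls_ecdsa_raw_to_der()/mbedtls_ecdsa_der_to_raw()
 * so this file builds without Mbed TLS; pass the real function in production. */
typedef int (*ecdsa_conv_fn)(size_t bits, const unsigned char *in, size_t in_len,
                             unsigned char *out, size_t out_size, size_t *out_len);

#define ERR_BAD_BITS  (-1)  /* hypothetical application error codes */
#define ERR_BAD_INPUT (-2)
/* Assumption: the curve sizes this application's Mbed TLS build enables. */
static const size_t allowed_bits[] = { 256, 384, 521 };

int ecdsa_bits_allowed(size_t bits) {
    for (size_t i = 0; i < sizeof(allowed_bits) / sizeof(allowed_bits[0]); i++)
        if (bits == allowed_bits[i]) return 1;
    return 0;
}

/* Length in bytes of a raw r||s signature for a curve of this bit size. */
size_t ecdsa_raw_sig_len(size_t bits) { return 2 * ((bits + 7) / 8); }

/* Both wrappers refuse an unlisted bits value before the library sees it. */
int checked_raw_to_der(ecdsa_conv_fn conv, size_t bits, const unsigned char *raw,
                       size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len) {
    if (!ecdsa_bits_allowed(bits)) return ERR_BAD_BITS;
    if (raw == NULL || raw_len != ecdsa_raw_sig_len(bits)) return ERR_BAD_INPUT;
    return conv(bits, raw, raw_len, der, der_size, der_len);
}

int checked_der_to_raw(ecdsa_conv_fn conv, size_t bits, const unsigned char *der,
                       size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len) {
    if (!ecdsa_bits_allowed(bits)) return ERR_BAD_BITS;
    if (der == NULL || raw_size < ecdsa_raw_sig_len(bits)) return ERR_BAD_INPUT;
    return conv(bits, der, der_len, raw, raw_size, raw_len);
}

/* Constructed stand-in for the library call: counts how often it is reached. */
int demo_conv_calls = 0;
int demo_conv(size_t bits, const unsigned char *in, size_t in_len,
              unsigned char *out, size_t out_size, size_t *out_len) {
    (void) bits; (void) in; (void) in_len; (void) out; (void) out_size;
    *out_len = 0; demo_conv_calls++; return 0;
}

int main(void) {
    unsigned char raw[64] = { 0 }, der[80]; size_t n = 0;
    return checked_raw_to_der(demo_conv, 1024, raw, 64, der, 80, &n) == ERR_BAD_BITS ? 0 : 1;
}
```

The wrapper covers only the `bits` check; the workaround above also requires MBEDTLS_PSA_CRYPTO_C to be enabled in the build.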
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mbed TLS/Mbed TLS
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"A stack buffer overflow occurs in ECDSA signature conversion functions when processing curve parameters larger than supported."
Attack vector
An attacker can trigger a stack buffer overflow by calling the `mbedtls_ecdsa_der_to_raw()` or `mbedtls_ecdsa_raw_to_der()` functions with a `bits` parameter larger than the largest supported curve. This vulnerability affects applications that directly call these functions, particularly in configurations where PSA is disabled, as all values of `bits` become susceptible. The overflow can lead to critical confidentiality, integrity, and availability impacts [ref_id=1].
Affected code
The vulnerability resides in the `mbedtls_ecdsa_der_to_raw()` and `mbedtls_ecdsa_raw_to_der()` functions within the Mbed TLS library. These functions convert ECDSA signatures between DER-encoded and raw formats. The issue arises when the `bits` parameter exceeds the bit-length of the largest supported curve, leading to a stack buffer overflow.
What the fix does
The advisory indicates that Mbed TLS 3.6.1 and later versions address this vulnerability. While the specific code changes are not detailed in the provided release notes, the fix likely involves adding bounds checking to the `bits` parameter within the `mbedtls_ecdsa_der_to_raw()` and `mbedtls_ecdsa_raw_to_der()` functions to prevent buffer overflows when processing curve parameters. Updating to Mbed TLS 3.6.1 or a later version is recommended to mitigate this risk [ref_id=1].
Preconditions
- config: PSA crypto is disabled in some configurations.
- input: The `bits` parameter passed to `mbedtls_ecdsa_der_to_raw()` or `mbedtls_ecdsa_raw_to_der()` is larger than the largest supported curve.
Generated on Jun 7, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- mbed-tls.readthedocs.io/en/latest/security-advisories/ (nvd, Vendor Advisory)
- mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/ (nvd, Vendor Advisory)
- github.com/Mbed-TLS/mbedtls/releases/ (nvd, Release Notes)