CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-49195

CVSS 9.8v3.1pub. 2024-10-15upd. 2026-06-05

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

🤖 AI Analysis
How it works

The vulnerability occurs in the pkwrite module of the Mbed TLS library when processing an opaque key pair. During the key write operation, a write occurs below the lower boundary of the allocated buffer (buffer underrun), resulting in memory corruption outside the intended area. This type of error can lead to controlled overwriting of data in the process memory, potentially allowing an attacker to gain control over code execution.

Impact

An attacker can cause memory corruption, which in the worst-case scenario enables remote code execution (RCE), disclosure of sensitive data, or application crash using the Mbed TLS library.

Mitigation & patch

Mbed TLS should be updated to version 3.6.2 or later. Detailed information is available in the official security bulletin from the vendor at: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/

Who is affected

Arm Mbed TLS in versions 3.5.x and 3.6.x before 3.6.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Trustedfirmware Mbed Tls

    APP
    Trustedfirmware
    3.5.0 – 3.6.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-34877CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację kontekstu SSL w Mbed TLS

CVE-2026-34873CRITICAL9.1PL ✓ten sam produkt

Arm Mbed TLS: podszywanie się pod klienta przy wznawianiu sesji TLS 1.3

CVE-2026-34875CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w eksporcie klucza publicznego FFDH w Mbed TLS i TF-PSA-Crypto

CVE-2024-45159CRITICAL9.8PL ✓ten sam produkt

Arm Mbed TLS: błąd weryfikacji certyfikatu klienta w TLS 1.3

CVE-2024-45158CRITICAL9.8PL ✓ten sam produkt

Stack buffer overflow w Mbed TLS – funkcje konwersji ECDSA