Bugzilla – Bug 1216078
VUL-0: CVE-2023-45199: mbedtls: buffer overflow in TLS handshake parsing with ECDH
Last modified: 2023-10-11 12:35:07 UTC
Title: Buffer overflow in TLS handshake parsing with ECDH CVE: CVE-2023-45199 Date: 05 October 2023 Affects: Mbed TLS 3.2.0 and above Impact: A remote attacker may cause arbitrary code execution. Severity: HIGH Credit: OSS-Fuzz Vulnerability: A TLS 1.3 client or server configured with support for signature-based authentication (i.e. any non-PSK key exchange) is vulnerable to a heap buffer overflow. The server copies up to 65535 bytes in a buffer that is shorter. An unauthenticated malicious peer can overflow the TLS handshake structure by sending an overly long ECDH or FFDH public key. A TLS 1.2 server configured with MBEDTLS_USE_PSA_CRYPTO and with support for a cipher suite using ECDH and a signature is vulnerable to a heap buffer overflow. An unauthenticated malicious peer can overflow the TLS handshake structure by sending an overly long ECDH public key. The server copies up to 255 bytes into a heap buffer that is sized for a valid public key, and thus shorter unless RSA or FFDH is enabled in addition to ECDH. TLS 1.2 clients, and builds without MBEDTLS_USE_PSA_CRYPTO are not affected. References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45199
This is an autogenerated message for OBS integration: This bug (1216078) was mentioned in https://build.opensuse.org/request/show/1116911 Factory / mbedtls