CVE-2017-2784
Published: 2017-04-20
Priority: P349 · Severity: high · CVSS 3.0: 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.39% (87.3rd percentile)
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
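The three affected ranges above (before 1.3.19, 2.x before 2.1.7, 2.4.x before 2.4.2) are easy to misread when checking an inventory, so here is an added triage helper that classifies an mbed TLS version string against them. It is example code written for this page, not from the advisory or the mbed TLS project; it assumes Debian-style suffixes such as `2.4.2-1` can be ignored, and it treats the 2.2.x and 2.3.x branches (which have no fixed release named on the page) as affected.

```python
from typing import Optional, Tuple

# Fixed releases per maintained branch, as stated in the CVE description.
FIXED = {(1, 3): (1, 3, 19), (2, 1): (2, 1, 7), (2, 4): (2, 4, 2)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; trailing package suffixes ('-1', 'rc1') are dropped."""
    parts = []
    for piece in text.strip().split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append(int(digits))
    while len(parts) < 3:      # '2.4' is read as 2.4.0
        parts.append(0)
    return parts[0], parts[1], parts[2]


def fixed_release(version: str) -> Optional[Tuple[int, int, int]]:
    """Return the first fixed release in this version's branch, or None if no fix is listed."""
    major, minor, _ = parse_version(version)
    if major < 2:
        return FIXED[(1, 3)]          # "before 1.3.19" covers every 0.x/1.x release
    if major == 2 and minor <= 1:
        return FIXED[(2, 1)]          # 2.0.x and 2.1.x: fixed in 2.1.7
    if major == 2 and minor == 4:
        return FIXED[(2, 4)]          # 2.4.x: fixed in 2.4.2
    return None                       # 2.2.x/2.3.x (no fix named), 2.5+ and 3.x


def is_affected(version: str) -> bool:
    v = parse_version(version)
    major, minor, _ = v
    if major >= 3 or (major == 2 and minor >= 5):
        return False                  # outside every range the advisory names
    if major == 2 and minor in (2, 3):
        return True                   # assumption: unfixed 2.2.x/2.3.x branches
    fix = fixed_release(version)
    return fix is not None and v < fix


def triage(versions) -> dict:
    """Map each inventory version string to 'affected' or 'not affected'."""
    return {v: ("affected" if is_affected(v) else "not affected") for v in versions}
```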
Affected (16 ranges reported)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | — | — |
| debian | mbedtls | < mbedtls 2.4.2-1 (bookworm) | mbedtls 2.4.2-1 (bookworm) |
| mbed | mbedtls | >= 0 < 2.4.2-1 | 2.4.2-1 |
| trustedfirmware | mbed_tls | <= 1.3.18 | — |
| trustedfirmware | mbed_tls | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
GHSA
GHSA-5wj7-rhf5-hqx4 · ghsa_unreviewed · 2022-05-13 · HIGH · CWE-295
OSV
CVE-2017-2784 · osv · 2017-04-20 · CVSS 8.1 · HIGH
Debian
CVE-2017-2784: mbedtls · vendor_debian · 2017 · CVSS 8.1 · HIGH
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.4.2-1)
forky: resolved (fixed in 2.4.2-1)
sid: resolved (fixed in 2.4.2-1)
trixie: resolved (fixed in 2.4.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-2784 mbedtls: ARM Mbedtls x509 ECDSA invalid public key use-after-free · bugzilla · 2017-04-19 · CVSS 8.1 · HIGH
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
External References:
http://www.talosintelligence.com/reports/TALOS-2017-0274/
Discussion:
Created mbedtls tracking bugs for this issue:
Affects: epel-all [bug 1443604]
Affects: fedora-all [bug 1443603]
Bugzilla
CVE-2017-2784 mbedtls: ARM Mbedtls x509 ECDSA invalid public key use-after-free [epel-all] · bugzilla · 2017-04-19 · CVSS 8.1 · HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
Bugzilla
CVE-2017-2784 mbedtls: ARM Mbedtls x509 ECDSA invalid public key use-after-free [fedora-all] · bugzilla · 2017-04-19 · CVSS 8.1 · HIGH
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Talos
## Vulnerability Spotlight: ARM Mbedtls x509 ECDSA invalid public key Code Execution Vulnerability
blogs_talos · 2017-04-19 · CVSS 8.1 · HIGH
Vulnerability Discovered by Aleksandar Nikolic
### Overview
Talos is disclosing TALOS-2017-0274/CVE-2017-2784, a code execution vulnerability in ARM MbedTLS. This vulnerability is specifically related to how MbedTLS handles x509 certificates. MbedTLS is an SSL/TLS implementation aimed specifically at embedded devices that was previously known as PolarSSL.
The vulnerability exists in the part of the code responsible for handling elliptic curve cryptography keys. An attacker can trigger this vulnerability by providing a specially crafted x509 certificate to the target, which performs a series of checks on the certificate. While performing these checks, the application fails to properly parse the public key. This results in the invalid free of a stack pointer. There is a mitigating factor as
References:
- http://www.talosintelligence.com/reports/TALOS-2017-0274/
- https://security.gentoo.org/glsa/201706-18
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01