CVE-2017-2784

CVE-2017-2784

Name

CVE-2017-2784

Description

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	http://www.talosintelligence.com/reports/TALOS-2017-0274/
talos-cna@cisco.com	https://security.gentoo.org/glsa/201706-18
Mitigation	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

Type

URI

Exploit

http://www.talosintelligence.com/reports/TALOS-2017-0274/

talos-cna@cisco.com

https://security.gentoo.org/glsa/201706-18

Mitigation

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:trustedfirmware:mbed_tls::::::::`	mbed_tls	>= None	<= 1.3.18
`cpe:2.3:a:trustedfirmware:mbed_tls:2.0.0:::::::*`	mbed_tls	== None	== 2.0.0
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.0:::::::*`	mbed_tls	== None	== 2.1.0
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.1:::::::*`	mbed_tls	== None	== 2.1.1
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.2:::::::*`	mbed_tls	== None	== 2.1.2
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.3:::::::*`	mbed_tls	== None	== 2.1.3
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.4:::::::*`	mbed_tls	== None	== 2.1.4
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.5:::::::*`	mbed_tls	== None	== 2.1.5
`cpe:2.3:a:trustedfirmware:mbed_tls:2.1.6:::::::*`	mbed_tls	== None	== 2.1.6
`cpe:2.3:a:trustedfirmware:mbed_tls:2.4.0:::::::*`	mbed_tls	== None	== 2.4.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*

mbed_tls

>= None

<= 1.3.18

cpe:2.3:a:trustedfirmware:mbed_tls:2.0.0:*:*:*:*:*:*:*

mbed_tls

== None

== 2.0.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.0:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.0

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.1:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.1

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.2:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.2

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.3:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.3

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.4:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.4

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.5:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.5

cpe:2.3:a:trustedfirmware:mbed_tls:2.1.6:*:*:*:*:*:*:*

mbed_tls

== None

== 2.1.6

cpe:2.3:a:trustedfirmware:mbed_tls:2.4.0:*:*:*:*:*:*:*

mbed_tls

== None

== 2.4.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
mbedtls2	edge-community	2.4.2-r0	None	fixed
mbedtls2	3.22-community	2.4.2-r0	None	fixed
mbedtls2	3.21-community	2.4.2-r0	None	fixed
mbedtls2	3.20-community	2.4.2-r0	None	fixed
mbedtls	edge-main	2.4.2-r0	None	fixed
mbedtls	3.22-main	2.4.2-r0	None	fixed
mbedtls	3.21-main	2.4.2-r0	None	fixed
mbedtls	3.20-main	2.4.2-r0	None	fixed
mbedtls	3.19-main	2.4.2-r0	None	fixed
mbedtls	3.18-main	2.4.2-r0	None	fixed
mbedtls	3.17-main	2.4.2-r0	None	fixed
mbedtls	3.12-main	2.4.2-r0	None	fixed
mbedtls	3.11-main	2.4.2-r0	None	fixed
mbedtls	3.10-main	2.4.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

mbedtls2

edge-community

2.4.2-r0

None

fixed

mbedtls2

3.22-community