Products
Mbed TLS
- before 2.28.9
- before 3.6.1
Source
cve@mitre.org
Tags
CVE-2024-45157 details
Published : Sept. 5, 2024, 7:15 p.m.
Last Modified : Sept. 5, 2024, 7:15 p.m.
Last Modified : Sept. 5, 2024, 7:15 p.m.
Description
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://github.com/Mbed-TLS/mbedtls/releases/ | cve@mitre.org |
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ | cve@mitre.org |
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/ | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.