#VU32141 Improper Certificate Validation in mbedtls - CVE-2017-2784

Cybersecurity Help s.r.o.

Published: 2017-04-20 | Updated: 2020-07-28

Vulnerability identifier: #VU32141

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-2784

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
mbedtls
Other software / Other software solutions

Vendor: tls.mbed.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

Mitigation
Install update from vendor's website.

Vulnerable software versions

mbedtls: 1.3.10 - 2.2.1

External links
https://www.talosintelligence.com/reports/TALOS-2017-0274/
https://security.gentoo.org/glsa/201706-18
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for mbed TLS

Improper Certificate Validation in tls.mbed mbedtls

OpenSUSE Linux update for mbedtls

Arch Linux update for mbedtls

Improper Certificate Validation in mbedtls (Alpine package)