NVD disclosure day

Published threat advisories for September 5, 2024

CVE advisoryCRITICAL

CVE-2024-45159

Mbed TLS TLS 1.3 Client Certificate Validation Flaw

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Mbed TLS's TLS 1.3 implementation contains a flaw where servers with optional client authentication might incorrectly accept client certificates not intended for that purpose. This could allow an attacker to impersonate a legitimate client, potentially gaining unauthorized access. It is crucial to identify deployments

NVD published:

CVE advisoryCRITICAL

CVE-2024-45158

Mbed TLS Stack Buffer Overflow in ECDSA Parsing

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A stack buffer overflow exists in Mbed TLS cryptography library functions that parse ECDSA data. If an application directly uses these functions and has specific configurations, a reachable vulnerability could lead to crashes or code execution. This impacts data protection and system integrity. Uncertainty exists regar

NVD published: