← Back

CVE-2017-2784

nvd nist
Published: Apr 20, 2017Modified: Jun 5, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

Affected (10)

Trustedfirmware
1 product
Mbed Tls
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Trustedfirmware
Mbed Tls
Up to 1.3.18
Mbed Tls
Version 2.0.0
Mbed Tls
Version 2.1.0
Mbed Tls
Version 2.1.1
Mbed Tls
Version 2.1.2
Mbed Tls
Version 2.1.3
Mbed Tls
Version 2.1.4
Mbed Tls
Version 2.1.5
Mbed Tls
Version 2.1.6
Mbed Tls
Version 2.4.0

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (6)

Source: talos-cna@cisco.com
ExploitTechnical DescriptionThird Party AdvisoryVDB Entry
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory

Timeline

No history available yet.