https://bugzilla.suse.com/show_bug.cgi?id=1231710 Bug ID: 1231710 Summary: VUL-0: CVE-2024-49195: godot: mbedtls: buffer underrun in pkwrite when writing an opaque key pair Classification: openSUSE Product: openSUSE Distribution Version: Leap 16.0 Hardware: Other URL: https://smash.suse.de/issue/424184/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: andrea.mattiazzo@suse.com QA Contact: qa-bugs@suse.de CC: andrea.mattiazzo@suse.com, security-team@suse.de, smash_bz@suse.de Depends on: 1231707, 1231708, 1231709 Target Milestone: --- Found By: Security Response Team Blocker: --- Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair References: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49195 https://www.cve.org/CVERecord?id=CVE-2024-49195 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-securi... Patch: https://github.com/Mbed-TLS/mbedtls/commit/5f1c8a720fdcc62cb9854da7b3a64a770... -- You are receiving this mail because: You are on the CC list for the bug.