Bug ID	1231710
Summary	VUL-0: CVE-2024-49195: godot: mbedtls: buffer underrun in pkwrite when writing an opaque key pair
Classification	openSUSE
Product	openSUSE Distribution
Version	Leap 16.0
Hardware	Other
URL	https://smash.suse.de/issue/424184/
OS	Other
Status	NEW
Severity	Normal
Priority	P5 - None
Component	Security
Assignee	security-team@suse.de
Reporter	andrea.mattiazzo@suse.com
QA Contact	qa-bugs@suse.de
CC	andrea.mattiazzo@suse.com, security-team@suse.de, smash_bz@suse.de
Depends on	1231707, 1231708, 1231709
Target Milestone	---
Found By	Security Response Team
Blocker	---

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when
writing an opaque key pair

References:
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49195
https://www.cve.org/CVERecord?id=CVE-2024-49195
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/

Patch:
https://github.com/Mbed-TLS/mbedtls/commit/5f1c8a720fdcc62cb9854da7b3a64a7708f5f88c

You are receiving this mail because:

You are on the CC list for the bug.