[Bug 1231710] New: VUL-0: CVE-2024-49195: godot: mbedtls: buffer underrun in pkwrite when writing an opaque key pair
https://bugzilla.suse.com/show_bug.cgi?id=1231710

Bug ID: 1231710
Summary: VUL-0: CVE-2024-49195: godot: mbedtls: buffer underrun in pkwrite when writing an opaque key pair
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 16.0
Hardware: Other
URL: https://smash.suse.de/issue/424184/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: andrea.mattiazzo@suse.com
QA Contact: qa-bugs@suse.de
CC: andrea.mattiazzo@suse.com, security-team@suse.de, smash_bz@suse.de
Depends on: 1231707, 1231708, 1231709
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

References:
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49195
https://www.cve.org/CVERecord?id=CVE-2024-49195
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-securi...

Patch:
https://github.com/Mbed-TLS/mbedtls/commit/5f1c8a720fdcc62cb9854da7b3a64a770...

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1231710
https://bugzilla.suse.com/show_bug.cgi?id=1231710#c1

Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed:

What       |Removed                   |Added
----------------------------------------------------------------------------
Whiteboard |                          |CVSSv3.1:SUSE:CVE-2024-49195:8.1:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
           |                          |CVSSv4:SUSE:CVE-2024-49195:9.2:(AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Depends on |1231707, 1231708, 1231709 |
Assignee   |security-team@suse.de     |cunix@mail.de
Blocks     |                          |1231707
QA Contact |qa-bugs@suse.de           |security-team@suse.de

--- Comment #1 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> ---
Tracking as affected:
- openSUSE:Factory/godot

https://bugzilla.suse.com/show_bug.cgi?id=1231710

SMASH SMASH <smash_bz@suse.de> changed:

What       |Removed                   |Added
----------------------------------------------------------------------------
Priority   |P5 - None                 |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1231710
https://bugzilla.suse.com/show_bug.cgi?id=1231710#c3

Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed:

What       |Removed                              |Added
----------------------------------------------------------------------------
Resolution |---                                  |INVALID
Flags      |needinfo?(andrea.mattiazzo@suse.com) |
Status     |NEW                                  |RESOLVED

--- Comment #3 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> ---
Thanks for the info, didn't notice the spec section.
Closing as not affected.