CVE-2017-2784 - OpenCVE

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arm	Mbed Tls

Configuration 1 [-]

OR	cpe:2.3:a:arm:mbed_tls::::::::
	cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*
	cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*

No data.

References

Link	Providers
http://www.talosintelligence.com/reports/TALOS-2017-0274/
https://security.gentoo.org/glsa/201706-18
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2017-04-20T18:00:00

Updated: 2024-08-05T14:02:07.676Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2784

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-20T18:59:01.593

Modified: 2022-04-19T19:15:20.407

Link: CVE-2017-2784

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "mbed TLS", "vendor": "ARM", "versions": [{"status": "affected", "version": "2.4.0"}]}], "datePublic": "2017-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Stack pointer vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:22:05", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "GLSA-201706-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-18"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2017-2784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mbed TLS", "version": {"version_data": [{"version_value": "2.4.0"}]}}]}, "vendor_name": "ARM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}]}, "impact": {"cvss": {"baseScore": 8.1, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack pointer vulnerability"}]}]}, "references": {"reference_data": [{"name": "GLSA-201706-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-18"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2017-0274/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01", "refsource": "CONFIRM", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.676Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201706-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-18"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2017-2784", "datePublished": "2017-04-20T18:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "D05A56CA-13ED-4619-82DE-B8727B0DD300", "versionEndIncluding": "1.3.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B395D81-876F-43FC-8DB9-44377647A37A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F92622F1-82DA-4819-8275-06DC9DBE1BA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5871FDE9-02D0-466C-BDB7-90A14C4F637E", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B4875-3FC3-499F-A76B-2D04982F743A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3B67842-5AFA-459F-9CCF-772B9DC7139F", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD0500EE-52C0-4896-B3D8-5BE731D66039", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "015739E9-C0E3-4A62-BB9D-FA836BFD4351", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "842B0D15-6A3D-4CEE-AD02-49B0436E78E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "525190A3-2194-4E4E-9D34-0048583B9C42", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable libre de un apuntador de pila en el c\u00f3digo de an\u00e1lisis de certificado x509 de ARM mbed TLS en versiones anteriores a 1.3.19, 2.x en versiones anteriores a 2.1.7 y 2.4.x en versiones anteriores a 2.4.2. Un certificado x509 especialmente manipulado, cuando se analiza por la biblioteca TLS mbed, puede provocar un inv\u00e1lido libre de un puntero de pila que conduce a una posible ejecuci\u00f3n de c\u00f3digo remoto. Para aprovechar esta vulnerabilidad, un atacante puede actuar como un cliente o un servidor en una red para entregar certificados maliciosos x509 a aplicaciones vulnerables."}], "id": "CVE-2017-2784", "lastModified": "2022-04-19T19:15:20.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2017-04-20T18:59:01.593", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"source": "talos-cna@cisco.com", "url": "https://security.gentoo.org/glsa/201706-18"}, {"source": "talos-cna@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}