CVE-2017-2784

Published Apr 20, 2017

Last updated 3 months ago

CVSS high 8.1

Overview

Description: An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
Source: talos-cna@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D05A56CA-13ED-4619-82DE-B8727B0DD300",
            "versionEndIncluding": "1.3.18"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B395D81-876F-43FC-8DB9-44377647A37A"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F92622F1-82DA-4819-8275-06DC9DBE1BA1"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5871FDE9-02D0-466C-BDB7-90A14C4F637E"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE6B4875-3FC3-499F-A76B-2D04982F743A"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3B67842-5AFA-459F-9CCF-772B9DC7139F"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD0500EE-52C0-4896-B3D8-5BE731D66039"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "015739E9-C0E3-4A62-BB9D-FA836BFD4351"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "842B0D15-6A3D-4CEE-AD02-49B0436E78E4"
          },
          {
            "criteria": "cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "525190A3-2194-4E4E-9D34-0048583B9C42"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References