CVE-2017-2784 - OpenCVE

An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Arm	Mbed Tls

Configuration 1 [-]

OR	cpe:2.3:a:arm:mbed_tls::::::::
	cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*
	cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*
	cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*

References

Link	Resource
http://www.talosintelligence.com/reports/TALOS-2017-0274/	Exploit Technical Description Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201706-18
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2017-04-20T18:00:00

Updated: 2022-04-19T18:22:05

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2784

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-20T18:59:01.593

Modified: 2022-04-19T19:15:20.407

Link: CVE-2017-2784

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "mbed TLS", "vendor": "ARM", "versions": [{"status": "affected", "version": "2.4.0"}]}], "datePublic": "2017-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Stack pointer vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:22:05", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "GLSA-201706-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-18"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2017-2784", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mbed TLS", "version": {"version_data": [{"version_value": "2.4.0"}]}}]}, "vendor_name": "ARM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}]}, "impact": {"cvss": {"baseScore": 8.1, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stack pointer vulnerability"}]}]}, "references": {"reference_data": [{"name": "GLSA-201706-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-18"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2017-0274/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01", "refsource": "CONFIRM", "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2017-2784", "datePublished": "2017-04-20T18:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2022-04-19T18:22:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "matchCriteriaId": "D05A56CA-13ED-4619-82DE-B8727B0DD300", "versionEndIncluding": "1.3.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B395D81-876F-43FC-8DB9-44377647A37A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F92622F1-82DA-4819-8275-06DC9DBE1BA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5871FDE9-02D0-466C-BDB7-90A14C4F637E", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B4875-3FC3-499F-A76B-2D04982F743A", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B3B67842-5AFA-459F-9CCF-772B9DC7139F", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD0500EE-52C0-4896-B3D8-5BE731D66039", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "015739E9-C0E3-4A62-BB9D-FA836BFD4351", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "842B0D15-6A3D-4CEE-AD02-49B0436E78E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "525190A3-2194-4E4E-9D34-0048583B9C42", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable libre de un apuntador de pila en el c\u00f3digo de an\u00e1lisis de certificado x509 de ARM mbed TLS en versiones anteriores a 1.3.19, 2.x en versiones anteriores a 2.1.7 y 2.4.x en versiones anteriores a 2.4.2. Un certificado x509 especialmente manipulado, cuando se analiza por la biblioteca TLS mbed, puede provocar un inv\u00e1lido libre de un puntero de pila que conduce a una posible ejecuci\u00f3n de c\u00f3digo remoto. Para aprovechar esta vulnerabilidad, un atacante puede actuar como un cliente o un servidor en una red para entregar certificados maliciosos x509 a aplicaciones vulnerables."}], "id": "CVE-2017-2784", "lastModified": "2022-04-19T19:15:20.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2017-04-20T18:59:01.593", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2017-0274/"}, {"source": "talos-cna@cisco.com", "url": "https://security.gentoo.org/glsa/201706-18"}, {"source": "talos-cna@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}