Alpine: mbedtls: security update to 3.6.1-r0

critical Tenable Cloud Security Plugin ID 408496

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected
algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause
the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and
MBEDTLS_CTR_DRBG_C are disabled. (CVE-2024-45157)

- An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in
mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than
the largest supported curve. In some configurations with PSA disabled, all values of bits are affected.
(This never happens in internal library calls, but can affect applications that call these functions
directly.) (CVE-2024-45158)

- An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional
authentication of the client, if the client-provided certificate does not have appropriate values in if
keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would
incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a
result, an attacker that had a certificate valid for uses other than TLS client authentication would
nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only
with optional authentication (with required authentication, the handshake would be aborted with a fatal
alert). (CVE-2024-45159)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-45157

https://security.alpinelinux.org/vuln/CVE-2024-45158

https://security.alpinelinux.org/vuln/CVE-2024-45159

Plugin Details

Severity: Critical

ID: 408496

Version: Revision 1.17

Type: Local

Published: 9/1/2024

Updated: 12/15/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-45159

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/3/2024

Reference Information

CVE: CVE-2024-45157, CVE-2024-45158, CVE-2024-45159