CVE-2024-45158: n/a
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2024-45158 is a stack-based buffer overflow in Mbed TLS 3.6.0 (the 3.6 series before 3.6.1) in the two public helpers that convert ECDSA signatures between the raw r||s layout and DER encoding: mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der(). Both take a 'bits' parameter giving the curve size, and both use fixed-size stack buffers dimensioned for the largest curve the build supports. When bits exceeds that maximum, the conversion writes past the end of those buffers. In some configurations with PSA disabled the buffer bound is such that every value of bits overflows, not only oversized ones. The library never reaches this path through its own internal calls; only applications that call the two functions directly are exposed, and whether an attacker can trigger the overflow depends on whether the application lets untrusted data determine bits (or, in the all-values-affected configurations, whether it calls the functions at all). The consequences are those of any stack overflow: memory corruption, a crash, or, with attacker-influenced contents, code execution. The recorded CVSS v3.1 base score is 9.8 (network attack vector, no privileges required, no user interaction, high impact on confidentiality, integrity and availability); that score describes the worst case of a network-reachable caller passing attacker-chosen values, which the description's own caveat shows is not the common deployment. No exploitation in the wild has been reported. The weakness is CWE-121 (stack-based buffer overflow) caused by a missing bounds check on the bits argument. The fix is Mbed TLS 3.6.1 or later.
Potential Impact
The exposure is limited to applications that call mbedtls_ecdsa_der_to_raw() or mbedtls_ecdsa_raw_to_der() themselves; TLS and X.509 handling inside the library is not affected. Where an application does call them, a successful overflow can corrupt the stack, crash the process (denial of service) or, if the overflowing bytes are attacker-influenced, lead to code execution in the process that links the library. That matters most in the environments where Mbed TLS is commonly embedded: IoT devices, firmware, network appliances and other constrained systems, which often run without stack canaries, ASLR or a process boundary, so a stack overflow in a crypto helper can compromise the whole device. Remote exploitation requires an input path on which untrusted data chooses the bits value, for example code that takes the curve size from a peer-supplied key or certificate without checking it against the curves the build supports, or a build in one of the PSA-disabled configurations where every value of bits overflows. Because no exploits have been reported in the wild, there is still a window to locate direct callers and patch before the flaw is weaponised.
Mitigation Recommendations
Inventory every build of Mbed TLS 3.6.0 in use (the version is available at compile time as MBEDTLS_VERSION_STRING in include/mbedtls/build_info.h and at run time from mbedtls_version_get_string()) and search the application and any vendored SDKs for direct calls to mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der(). The fix is to upgrade to Mbed TLS 3.6.1 or later. Where an upgrade cannot ship immediately: audit each direct call and make sure bits is a compile-time constant or is checked against the largest curve the build enables before the call, and is never taken from a peer-supplied key, certificate or signature without that check; if the build has PSA disabled, confirm whether it falls into the configurations where every value of bits overflows, in which case the functions must not be called at all until the library is patched. Enabling PSA removes those all-values-affected configurations but does not make an oversized bits value safe. Build with stack protection, ASLR and control-flow integrity where the platform supports them to limit the impact of any remaining overflow, record the library version and these call sites in the SBOM so the affected components can be found again, and track the CVE for exploit reports.
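As an added illustration of the bounds check described in the summary and the mitigation advice above (example code written for this page, not Mbed TLS's implementation and not the 3.6.1 fix), the following C performs the same two conversions, raw r||s to DER SEQUENCE { INTEGER r, INTEGER s } and back, with bits validated against the largest supported curve before any fixed-size stack buffer is touched. The names ecdsa_raw_to_der and ecdsa_der_to_raw mirror the shape of the Mbed TLS functions but are an independent implementation; MAX_CURVE_BITS = 521 (P-521 as the largest curve), the CONV_* result codes and the two check_* functions with their constructed P-256 sample are all assumptions of the example.

```c
/* Bounds-checked ECDSA signature conversion: raw = r || s (each ceil(bits/8) bytes, big-endian)
 * <-> DER SEQUENCE { INTEGER r, INTEGER s }. Illustrative code, not Mbed TLS's implementation. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_CURVE_BITS  521                         /* assumed: largest curve this build supports */
#define MAX_COORD_BYTES ((MAX_CURVE_BITS + 7) / 8)   /* 66 */
enum { CONV_OK = 0, CONV_BAD_INPUT = -1, CONV_TOO_SMALL = -2 };
/* Emit one minimal DER INTEGER for an unsigned big-endian value; returns bytes written, 0 if it does not fit. */
static size_t write_der_int(const uint8_t *x, size_t n, uint8_t *out, size_t out_size)
{
    size_t sig = n;
    while (sig > 1 && x[n - sig] == 0) sig--;                   /* strip leading zero bytes */
    size_t pad = (x[n - sig] & 0x80) ? 1 : 0;                   /* 0x00 pad keeps the value positive */
    if (sig + pad > 127 || out_size < 2 + sig + pad) return 0;  /* one INTEGER always fits a short-form length */
    out[0] = 0x02; out[1] = (uint8_t)(sig + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, x + n - sig, sig);
    return 2 + sig + pad;
}

/* Parse one DER INTEGER at *pos into a coord-byte field; refuses negatives, non-minimal encodings
 * and values wider than the curve instead of truncating or overflowing. */
static int read_der_int(const uint8_t *der, size_t der_len, size_t *pos, uint8_t *out, size_t coord)
{
    size_t p = *pos;
    if (p + 2 > der_len || der[p] != 0x02) return CONV_BAD_INPUT;
    size_t len = der[p + 1];
    if (len == 0 || len > 127 || p + 2 + len > der_len) return CONV_BAD_INPUT;
    const uint8_t *v = der + p + 2;
    if ((v[0] & 0x80) || (len > 1 && v[0] == 0x00 && !(v[1] & 0x80))) return CONV_BAD_INPUT;
    size_t skip = (len > 1 && v[0] == 0x00) ? 1 : 0;            /* drop the sign pad byte */
    if (len - skip > coord) return CONV_BAD_INPUT;
    memset(out, 0, coord);
    memcpy(out + coord - (len - skip), v + skip, len - skip);
    *pos = p + 2 + len;
    return CONV_OK;
}

int ecdsa_raw_to_der(size_t bits, const uint8_t *raw, size_t raw_len,
                     uint8_t *der, size_t der_size, size_t *der_len)
{
    if (bits == 0 || bits > MAX_CURVE_BITS) return CONV_BAD_INPUT; /* the guard CVE-2024-45158 lacked */
    size_t coord = (bits + 7) / 8;
    if (raw_len != 2 * coord) return CONV_BAD_INPUT;
    uint8_t body[2 * (3 + MAX_COORD_BYTES)];             /* fixed stack buffer, sized by the bound checked above */
    size_t r_len = write_der_int(raw, coord, body, sizeof body);
    size_t s_len = r_len ? write_der_int(raw + coord, coord, body + r_len, sizeof body - r_len) : 0;
    if (s_len == 0) return CONV_TOO_SMALL;
    size_t body_len = r_len + s_len, hdr = body_len < 128 ? 2 : 3; /* P-521 needs the long-form length */
    if (der_size < hdr + body_len) return CONV_TOO_SMALL;
    der[0] = 0x30;
    if (hdr == 2) der[1] = (uint8_t)body_len; else { der[1] = 0x81; der[2] = (uint8_t)body_len; }
    memcpy(der + hdr, body, body_len);
    *der_len = hdr + body_len;
    return CONV_OK;
}

int ecdsa_der_to_raw(size_t bits, const uint8_t *der, size_t der_len,
                     uint8_t *raw, size_t raw_size, size_t *raw_len)
{
    if (bits == 0 || bits > MAX_CURVE_BITS) return CONV_BAD_INPUT; /* same guard on the parse side */
    size_t coord = (bits + 7) / 8;
    if (raw_size < 2 * coord) return CONV_TOO_SMALL;
    if (der_len < 2 || der[0] != 0x30) return CONV_BAD_INPUT;
    size_t pos = 2, body_len = der[1];
    if (body_len == 0x81) { if (der_len < 3 || der[2] < 128) return CONV_BAD_INPUT; body_len = der[2]; pos = 3; }
    else if (body_len > 127) return CONV_BAD_INPUT;
    if (pos + body_len != der_len) return CONV_BAD_INPUT;        /* no trailing bytes */
    int rc = read_der_int(der, der_len, &pos, raw, coord);       /* r, then s, written in place */
    if (rc != CONV_OK || (rc = read_der_int(der, der_len, &pos, raw + coord, coord)) != CONV_OK) return rc;
    if (pos != der_len) return CONV_BAD_INPUT;
    *raw_len = 2 * coord;
    return CONV_OK;
}

/* Constructed P-256 sample: r has its top bit set (needs a pad byte), s has two leading zero bytes. */
int check_p256_roundtrip(void)
{
    uint8_t raw[64], der[80], back[64];
    size_t der_len = 0, raw_len = 0;
    memset(raw, 0x11, 32); raw[0] = 0x80;
    memset(raw + 32, 0x22, 32); raw[32] = raw[33] = 0x00;
    if (ecdsa_raw_to_der(256, raw, sizeof raw, der, sizeof der, &der_len) != CONV_OK) return 0;
    if (der_len != 69 || der[0] != 0x30 || der[1] != 0x43 || der[3] != 0x21 || der[4] != 0x00) return 0;
    if (ecdsa_der_to_raw(256, der, der_len, back, sizeof back, &raw_len) != CONV_OK) return 0;
    return raw_len == 64 && memcmp(raw, back, 64) == 0;
}

/* The CVE-2024-45158 trigger (bits beyond any supported curve) and an r wider than P-256 must both be refused. */
int check_bad_inputs_rejected(void)
{
    uint8_t raw[256] = { 0 }, out[256], der[47] = { 0x30, 0x2d, 0x02, 0x28 };   /* r claims 40 bytes */
    size_t n = 0;
    memset(der + 4, 0x01, 40); der[44] = 0x02; der[45] = 0x01; der[46] = 0x01;  /* then a 1-byte s */
    return ecdsa_raw_to_der(1024, raw, sizeof raw, out, sizeof out, &n) == CONV_BAD_INPUT
        && ecdsa_der_to_raw(1024, raw, sizeof raw, out, sizeof out, &n) == CONV_BAD_INPUT
        && ecdsa_der_to_raw(256, der, sizeof der, out, sizeof out, &n) == CONV_BAD_INPUT;
}
```

The guard at the top of each function is the whole point: with it in place, the buffers sized from MAX_COORD_BYTES can never be overrun whatever bits a caller passes, and a DER component wider than the curve is refused rather than silently truncated. The same shape of check belongs in any application wrapper around the real mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() calls while a build is still on 3.6.0. The two check_* functions return 1 on success and are meant to be called from a main() or unit test.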
Affected Countries
United States, China, Germany, South Korea, Japan, United Kingdom, France, India, Canada, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ce8b7ef31ef0b56a0f2
Added to database: 2/25/2026, 9:43:04 PM
Last enriched: 2/28/2026, 6:51:44 AM
Last updated: 4/12/2026, 3:46:17 PM