An issue exists in Mbed TLS prior to 2.25.0 (and prior to 2.16.9 LTS and prior to 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arm mbed tls |
||
siemens logo\\!_cmr2020_firmware |
||
siemens logo\\!_cmr2040_firmware |
||
siemens simatic_rtu3031c_firmware |
||
siemens simatic_rtu3041c_firmware |
||
siemens simatic_rtu3030c_firmware |
||
siemens simatic_rtu3000c_firmware |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |