CVE-2024-23775 Overview
An Integer Overflow vulnerability has been discovered in Arm Mbed TLS, a widely-used open-source cryptographic library designed for embedded systems. The vulnerability affects Mbed TLS versions 2.x before 2.28.7 and 3.x before 3.5.2. This flaw resides in the mbedtls_x509_set_extension() function and allows remote attackers to cause a denial of service (DoS) condition by triggering an integer overflow during X.509 certificate extension processing.
Critical Impact
Attackers can exploit this integer overflow vulnerability to crash applications and services that rely on Mbed TLS for cryptographic operations, potentially disrupting TLS/SSL communications across embedded devices, IoT systems, and network services.
Affected Products
- Arm Mbed TLS 2.x versions prior to 2.28.7
- Arm Mbed TLS 3.x versions prior to 3.5.2
- Applications and embedded systems utilizing vulnerable Mbed TLS libraries
Discovery Timeline
- January 31, 2024 - CVE-2024-23775 published to NVD
- November 4, 2025 - Last updated in NVD database
Technical Details for CVE-2024-23775
Vulnerability Analysis
This vulnerability is classified as CWE-190 (Integer Overflow or Wraparound). The flaw occurs within the mbedtls_x509_set_extension() function, which is responsible for setting X.509 certificate extensions during certificate generation or parsing operations.
When processing certificate extensions, the function performs arithmetic operations on size values without adequate bounds checking. If an attacker supplies specially crafted input that causes these size calculations to overflow, the resulting wrapped-around value can lead to improper memory allocation or buffer operations. This can cause the application to crash or enter an unstable state.
The vulnerability is particularly concerning for applications that process X.509 certificates from untrusted sources, such as TLS servers accepting client certificates or certificate validation services.
Root Cause
The root cause of CVE-2024-23775 is insufficient validation of integer arithmetic operations in the mbedtls_x509_set_extension() function. When extension data sizes are combined or manipulated, the code fails to check whether the resulting values exceed the maximum representable integer value, allowing wraparound to occur. This is a common vulnerability pattern in C-based cryptographic libraries where size calculations are performed without overflow guards.
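The overflow-guard pattern described above, as an added C example that is not Mbed TLS source code or the project's patch. The function names, the `max_len` policy limit and the one-flag-byte record layout are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unguarded size calculation: wraps to 0 when val_len == SIZE_MAX. */
static size_t ext_record_len_unchecked(size_t val_len)
{
    return val_len + 1;
}

/* Guarded calculation: 0 on success, -1 if val_len + 1 would wrap
 * or exceed the caller's policy limit max_len. */
static int ext_record_len_checked(size_t val_len, size_t max_len, size_t *out)
{
    if (val_len > SIZE_MAX - 1)   /* the addition would wrap */
        return -1;
    if (val_len + 1 > max_len)    /* safe to add now; enforce the cap */
        return -1;
    *out = val_len + 1;
    return 0;
}

/* Record = 1 "critical" flag byte + value bytes (assumed layout). Allocates
 * only after the length is validated; caller frees. NULL on rejection. */
static unsigned char *ext_record_build(int critical, const unsigned char *val,
        size_t val_len, size_t max_len, size_t *rec_len)
{
    size_t n;
    if ((val == NULL && val_len != 0) ||
        ext_record_len_checked(val_len, max_len, &n) != 0)
        return NULL;
    unsigned char *rec = malloc(n);
    if (rec == NULL) return NULL;
    rec[0] = critical ? 1 : 0;
    if (val_len != 0)
        memcpy(rec + 1, val, val_len);
    *rec_len = n;
    return rec;
}

int main(void)
{
    size_t n = 0;
    unsigned char *r = ext_record_build(1, (const unsigned char *)"abcd", 4, 64, &n);
    printf("wrapped=%zu built=%zu\n", ext_record_len_unchecked(SIZE_MAX), r ? n : 0);
    free(r);
    return 0;
}
```

The unguarded helper returns 0 for `SIZE_MAX`, which is the wrapped value an allocator would then be asked for; the guarded path rejects the input before any allocation or copy takes place.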
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by sending a maliciously crafted X.509 certificate or certificate request to an application using a vulnerable version of Mbed TLS. The attack specifically targets the extension processing logic:
- The attacker creates a certificate with extension data designed to trigger integer overflow conditions
- When the target application processes this certificate via mbedtls_x509_set_extension(), the integer overflow occurs
- The resulting memory corruption or invalid state causes the application to crash, resulting in denial of service
For detailed technical information, refer to the Mbed TLS Security Advisory.
Detection Methods for CVE-2024-23775
Indicators of Compromise
- Unexpected application crashes or service interruptions in systems using Mbed TLS for TLS/SSL operations
- Crash dumps or error logs indicating memory corruption or segmentation faults in mbedtls_x509_set_extension() or related X.509 processing functions
- Unusual X.509 certificates with abnormally large extension fields in network traffic or certificate stores
Detection Strategies
- Implement application crash monitoring for services utilizing Mbed TLS, specifically watching for crashes in X.509 certificate processing paths
- Deploy network intrusion detection rules to identify malformed X.509 certificates with suspicious extension sizes
- Utilize software composition analysis (SCA) tools to identify applications using vulnerable Mbed TLS versions (2.x < 2.28.7 or 3.x < 3.5.2)
Monitoring Recommendations
- Monitor TLS handshake failure rates and application restart frequency for anomalies that may indicate exploitation attempts
- Enable verbose logging for certificate processing operations in production environments where feasible
- Implement alerting for repeated service crashes that may indicate active exploitation
How to Mitigate CVE-2024-23775
Immediate Actions Required
- Upgrade Mbed TLS 2.x installations to version 2.28.7 or later immediately
- Upgrade Mbed TLS 3.x installations to version 3.5.2 or later immediately
- Conduct a comprehensive inventory of all systems and applications utilizing Mbed TLS to ensure complete coverage
- Prioritize patching for internet-facing services and systems that process certificates from untrusted sources
Patch Information
Arm has released patched versions that address this integer overflow vulnerability. Organizations should update to:
- Mbed TLS 2.x: Upgrade to version 2.28.7 or later
- Mbed TLS 3.x: Upgrade to version 3.5.2 or later
For complete patch details and release notes, consult the Mbed TLS Security Advisory. Linux distributions have also issued updates; see the Fedora Package Announcements for distribution-specific guidance.
Workarounds
- If immediate patching is not possible, implement network-level controls to restrict certificate processing to trusted sources only
- Consider implementing certificate size validation at the application level before passing certificates to Mbed TLS functions
- Deploy web application firewalls (WAF) or intrusion prevention systems (IPS) capable of inspecting and filtering malformed certificates
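One way to implement the application-level certificate size validation mentioned above, as an added C example that is not part of the original advisory or of Mbed TLS. The function name `cert_der_size_ok` and the `CERT_MAX_DER_LEN` limit are assumptions, and the byte arrays are constructed samples.

```c
#include <stddef.h>
#include <stdio.h>

#define CERT_MAX_DER_LEN 8192u /* assumed policy limit; tune per deployment */

/* Returns 0 if buf is exactly one DER SEQUENCE whose declared length matches
 * the buffer and len <= max_len; -1 otherwise. Envelope check only. */
static int cert_der_size_ok(const unsigned char *buf, size_t len, size_t max_len)
{
    size_t hdr = 2, content = 0;

    if (buf == NULL || len < 2 || len > max_len)
        return -1;
    if (buf[0] != 0x30)              /* outer tag must be SEQUENCE */
        return -1;
    if ((buf[1] & 0x80) == 0) {      /* short form: length in 7 bits */
        content = buf[1];
    } else {
        size_t n = buf[1] & 0x7F;    /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > len - 2)
            return -1;               /* indefinite, too wide, or truncated */
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80 || buf[2] == 0)
            return -1;               /* non-minimal encoding is not DER */
        hdr += n;
    }
    /* Compare by subtraction: hdr + content could wrap, len - hdr cannot. */
    return (content == len - hdr) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 }, not a real certificate. */
    const unsigned char ok[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    /* Constructed sample: header claims 0xFFFFFFFF content bytes. */
    const unsigned char bad[] = { 0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };
    printf("ok=%d bad=%d\n", cert_der_size_ok(ok, sizeof ok, CERT_MAX_DER_LEN),
           cert_der_size_ok(bad, sizeof bad, CERT_MAX_DER_LEN));
    return 0;
}
```

This gate bounds the overall certificate size and rejects inconsistent outer lengths before the buffer reaches the library; it does not inspect individual extensions and is not a substitute for upgrading.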
```bash
# Verify current Mbed TLS version on Linux systems (Debian/Ubuntu)
dpkg -l | grep -i mbedtls
# or for RPM-based systems
rpm -qa | grep -i mbedtls
# After upgrading, verify the new version is installed
# (pkg-config returns nothing if the package ships no .pc metadata)
mbedtls_version=$(pkg-config --modversion mbedtls 2>/dev/null)
echo "Mbed TLS Version: ${mbedtls_version:-unknown}"
```


