The vulnerability CVE-2024-45157 describes a situation where the Mbed TLS PSA subsystem does not use the user-selected DRBG algorithm (HMAC_DRBG via MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) if MBEDTLS_CTR_DRBG_C is also enabled. Instead, CTR_DRBG is prioritized. This is not a flaw fixed by a code patch but a miscommunication in documentation that has now been corrected. The function mbedtls_psa_crypto_init() is identified as the location where this DRBG selection logic, based on compile-time preprocessor directives, resides. Therefore, it is the function whose behavior is central to the described vulnerability, as it determines which DRBG is initialized and subsequently used by PSA operations like psa_generate_random(). While not 'vulnerable' in the sense of a memory corruption or exploitable flaw, its existing conditional logic is what leads to the behavior described in the CVE.
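A configuration audit for the macro combination described above, as an added example that is not Mbed TLS code or part of the original analysis. It assumes a flat config header (no `#if` evaluation); the function names and the sample header are constructed for illustration.

```python
import re

# Constructed sample resembling an Mbed TLS config header (not from a real project).
SAMPLE_CONFIG = """\
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_HMAC_DRBG_C
/* integrator intends PSA to use HMAC_DRBG */
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
"""

def active_macros(text):
    """Return {name: value} for macros still defined after comments and #undef."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    text = re.sub(r"//[^\n]*", "", text)                # drop line comments
    macros = {}
    for line in text.splitlines():
        m = re.match(r"\s*#\s*(define|undef)\s+(\w+)\s*(.*)", line)
        if not m:
            continue
        kind, name, value = m.groups()
        if kind == "define":
            macros[name] = value.strip()
        else:
            macros.pop(name, None)  # a later #undef disables the option
    return macros

def audit_psa_drbg(text):
    """Return (effective_drbg, finding); finding is None when nothing is ignored."""
    macros = active_macros(text)
    wants_hmac = "MBEDTLS_PSA_HMAC_DRBG_MD_TYPE" in macros
    if "MBEDTLS_CTR_DRBG_C" in macros:
        effective = "CTR_DRBG"   # CTR_DRBG is prioritized when enabled
    elif wants_hmac:
        effective = "HMAC_DRBG"
    else:
        effective = "unknown"    # case not covered by the analysis above
    finding = None
    if wants_hmac and effective == "CTR_DRBG":
        finding = ("MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is set but ignored: "
                   "MBEDTLS_CTR_DRBG_C is enabled, so PSA uses CTR_DRBG")
    return effective, finding

if __name__ == "__main__":
    print(audit_psa_drbg(SAMPLE_CONFIG))
```

Running it over a project's real config header in CI flags builds where the HMAC_DRBG selection is silently overridden; disabling `MBEDTLS_CTR_DRBG_C` clears the finding.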