From 8ece59dde96500bcc0dc1cb2c8b44e7788d96a1e Mon Sep 17 00:00:00 2001
From: Weston Steimel
Date: Fri, 18 Oct 2024 13:51:16 +0100
Subject: [PATCH] update mbedtls entries
Signed-off-by: Weston Steimel
---
 data/anchore/2024/CVE-2024-28755.json | 3 ++-
 data/anchore/2024/CVE-2024-28836.json | 3 ++-
 data/anchore/2024/CVE-2024-28960.json | 3 ++-
 data/anchore/2024/CVE-2024-30166.json | 3 ++-
 data/anchore/2024/CVE-2024-49195.json | 38 +++++++++++++++++++++++++++
 5 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 data/anchore/2024/CVE-2024-49195.json
diff --git a/data/anchore/2024/CVE-2024-28755.json b/data/anchore/2024/CVE-2024-28755.json
index e35ba042..b4507802 100644
--- a/data/anchore/2024/CVE-2024-28755.json
+++ b/data/anchore/2024/CVE-2024-28755.json
@@ -15,7 +15,8 @@
 "affected": [
 {
 "cpes": [
- "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:*"
 ],
 "product": "Mbed TLS",
 "repo": "https://github.com/Mbed-TLS/mbedtls",
diff --git a/data/anchore/2024/CVE-2024-28836.json b/data/anchore/2024/CVE-2024-28836.json
index 497067a3..a18c015f 100644
--- a/data/anchore/2024/CVE-2024-28836.json
+++ b/data/anchore/2024/CVE-2024-28836.json
@@ -13,7 +13,8 @@
 "affected": [
 {
 "cpes": [
- "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:*"
 ],
 "product": "Mbed TLS",
 "repo": "https://github.com/Mbed-TLS/mbedtls",
diff --git a/data/anchore/2024/CVE-2024-28960.json b/data/anchore/2024/CVE-2024-28960.json
index 0871c855..8068f7b4 100644
--- a/data/anchore/2024/CVE-2024-28960.json
+++ b/data/anchore/2024/CVE-2024-28960.json
@@ -15,7 +15,8 @@
 "affected": [
 {
 "cpes": [
- "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:*"
 ],
 "product": "Mbed TLS",
 "repo": "https://github.com/Mbed-TLS/mbedtls",
diff --git a/data/anchore/2024/CVE-2024-30166.json b/data/anchore/2024/CVE-2024-30166.json
index f4083d99..b0b14b83 100644
--- a/data/anchore/2024/CVE-2024-30166.json
+++ b/data/anchore/2024/CVE-2024-30166.json
@@ -13,7 +13,8 @@
 "affected": [
 {
 "cpes": [
- "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"
+ "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:*"
 ],
 "product": "Mbed TLS",
 "repo": "https://github.com/Mbed-TLS/mbedtls",
diff --git a/data/anchore/2024/CVE-2024-49195.json b/data/anchore/2024/CVE-2024-49195.json
new file mode 100644
index 00000000..ca689010
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-49195.json
@@ -0,0 +1,38 @@
+{
+ "additionalMetadata": {
+ "cna": "mitre",
+ "cveId": "CVE-2024-49195",
+ "description": "Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair",
+ "needsReview": true,
+ "reason": "Added CPE configurations because not yet analyzed by NVD.",
+ "references": [
+ "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/",
+ "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"
+ ]
+ },
+ "adp": {
+ "affected": [
+ {
+ "cpes": [
+ "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
+ "cpe:2.3:a:mbed-tls:mbedtls:*:*:*:*:*:*:*:*"
+ ],
+ "product": "mbedtls",
+ "repo": "https://github.com/Mbed-TLS/mbedtls",
+ "vendor": "mbed-tls",
+ "versions": [
+ {
+ "lessThan": "3.6.2",
+ "status": "affected",
+ "version": "3.5.0",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "00000000-0000-4000-8000-000000000000",
+ "shortName": "anchoreadp"
+ }
+ }
+}
\ No newline at end of file
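Review bot: In the new data/anchore/2024/CVE-2024-49195.json the `affected` entry is written as `"product": "mbedtls"`, while the four existing entries touched by this commit keep `"product": "Mbed TLS"` for the same `repo`. If any consumer groups or matches on `product` rather than on `cpes` (not visible from this diff), the two spellings would be treated as different packages, so I would use `"product": "Mbed TLS"` here or normalise the other four in the same change. The range `"version": "3.5.0"` with `"lessThan": "3.6.2"` agrees with the description, but because the record carries `"needsReview": true` it should be re-checked against NVD's configuration once that is published. The file also ends without a final newline (`\ No newline at end of file`); adding one keeps later diffs of this record clean.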