mbedTLS Security Advisory


AxLi_1746341

Hi,

The WICED-Studio-6.0.1 uses an old version of mbedTLS library (v2.4.0).

I'm wondering if WICED is impacted by the vulnerabilities below?

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01

If yes, please include the fix in the upcoming release.

Thanks.

1 Solution

Here is the official statement:

"As part of WICED 6.2 SDK, we will be upgrading to 2.6.0 that should address the first 2 issues (the third issue does not impact WICED, see note below). We do not plan to upgrade to 2.7.0 yet as it was released just a couple of weeks ago – we would like to wait at least a month or so to see if there are any major glitches before upgrading.

Freeing of memory allocated on stack when validating a public key with a secp224k1 curve

>>> As per the security advisory, this issue shall impact WICED. The suggested workaround is to disable MBEDTLS_ECP_DP_SECP224K1_ENABLED in config.h. This issue does not exist in 2.6.0 and should be resolved when we upgrade to 2.6.0 as part of the WICED Studio 6.2 release.

Bypass of authentication of peer possible when the authentication mode is configured as 'optional'

>>> As per the security advisory, this issue will impact only if MBEDTLS_SSL_VERIFY_REQUIRED is turned off. However, by default in WICED, we have this MACRO enabled and our recommendation is to keep it enabled. As long as the customer does not alter this value, they are good. Anyways, this issue will also get addressed as part of 2.6.0.

Risk of remote code execution when truncated HMAC is enabled

>>> As per the security advisory, this issue will impact only if MBEDTLS_SSL_TRUNCATED_HMAC is enabled. We do not have this MACRO enabled in WICED. This issue has been fixed in 2.7.0; however we are not upgrading to 2.7.0 yet. But as I mentioned, as long as this flag is not enabled, it shouldn’t matter."

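One way to turn the three checks in the statement above into a repeatable audit, as an added example that is not part of this thread or of WICED: the script inspects a config.h for the two build options named there (MBEDTLS_ECP_DP_SECP224K1_ENABLED and MBEDTLS_SSL_TRUNCATED_HMAC), applies the suggested secp224k1 workaround by commenting the define out, and, because in upstream mbedTLS MBEDTLS_SSL_VERIFY_REQUIRED is a value passed to mbedtls_ssl_conf_authmode() rather than a config.h option, searches the application sources for calls that select a weaker authentication mode instead. The config.h excerpt and tls_client.c it writes are constructed for the demo, and the function names are the example's own.

```sh
#!/bin/sh
# Added example: audit an mbedTLS config against the three items in the vendor statement.
# The sample files written by make_sample are constructed for the demo, not WICED's files.

# make_sample DIR: write a constructed config.h and client source into DIR
make_sample() {
    cat > "$1/config.h" <<'EOF'
/* constructed excerpt of a hypothetical mbedTLS 2.4.0 config.h */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
//#define MBEDTLS_SSL_TRUNCATED_HMAC
EOF
    cat > "$1/tls_client.c" <<'EOF'
/* constructed client setup: OPTIONAL lets a failed peer verification continue */
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
EOF
}

# is_enabled FILE MACRO: exit 0 if MACRO is an active (uncommented) #define in FILE
is_enabled() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# disable_option FILE MACRO: comment out an active #define of MACRO (the thread's workaround)
disable_option() {
    # sed -i is not portable, so rewrite to a temp file and move it back
    sed -E "s@^([[:space:]]*)#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)@\1//#define $2\2@" \
        "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# audit_config FILE: one verdict line per build option; EXPOSED lines mark enabled options
audit_config() {
    if is_enabled "$1" MBEDTLS_ECP_DP_SECP224K1_ENABLED; then
        echo "EXPOSED  secp224k1 curve enabled (workaround: disable MBEDTLS_ECP_DP_SECP224K1_ENABLED)"
    else
        echo "ok       secp224k1 curve disabled"
    fi
    if is_enabled "$1" MBEDTLS_SSL_TRUNCATED_HMAC; then
        echo "EXPOSED  truncated HMAC enabled (fixed upstream in 2.7.0)"
    else
        echo "ok       truncated HMAC disabled"
    fi
}

# count_exposed FILE: number of EXPOSED verdicts for FILE
count_exposed() {
    audit_config "$1" | grep -c '^EXPOSED' || true
}

# weak_authmode_calls DIR: number of source lines in DIR/*.c that set OPTIONAL or NONE
# authentication; the vendor statement recommends keeping VERIFY_REQUIRED
weak_authmode_calls() {
    grep -E 'mbedtls_ssl_conf_authmode\(.*MBEDTLS_SSL_VERIFY_(OPTIONAL|NONE)' "$1"/*.c 2>/dev/null \
        | wc -l | tr -d ' '
}

# Demo run on the constructed sample
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "--- before workaround ---"
audit_config "$demo_dir/config.h"
echo "weak authmode calls in sources: $(weak_authmode_calls "$demo_dir")"
disable_option "$demo_dir/config.h" MBEDTLS_ECP_DP_SECP224K1_ENABLED
echo "--- after workaround ---"
audit_config "$demo_dir/config.h"
rm -rf "$demo_dir"
```

Point the functions at the SDK's real config.h and source tree instead of the constructed sample; the textual checks only see uncommented `#define` lines and literal authmode calls, so an option set through a build system `-D` flag or an authmode chosen at runtime from a variable still has to be reviewed by hand.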

7 Replies
AxLi_1746341

sdk-6.1 still uses mbedTLS 2.4.0.

Maybe Cypress can fix this in the next release?


grsr wrote:

Here is the official statement:

"As part of WICED 6.2 SDK, we will be upgrading to 2.6.0 that should address the first 2 issues (the third issue does not impact WICED, see note below). We do not plan to upgrade to 2.7.0 yet as it was released just a couple of weeks ago – we would like to wait at least a month or so to see if there are any major glitches before upgrading.

hi grsr

Thanks for your response.

FYI, here is the release note showing what is fixed by 2.7.0.

https://tls.mbed.org/tech-updates/releases/mbedtls-2.7.0-2.1.10-and-1.3.22-released

All users affected by one of the issues should update.

I believe you will find good reasons to use latest release after checking security and bugfix sections.


grsr wrote:

however we are not upgrading to 2.7.0 yet. But as I mentioned, as long as this flag is not enabled, it shouldn’t matter."

grsr

Just FYI.

1. Mbed TLS 2.8.0 released recently

2. Mbed TLS 2.7 is a "Long Term Support Branch"

https://tls.mbed.org/tech-updates/blog/our-next-lts-branch-mbedtls-2.7

So I would suggest your team at least upgrade to mbedTLS-2.7.2 if you want to get upstream bug fixes.

I don't think mbed-TLS-2.6 is a good choice as there are no maintenance releases for it any more.


grsr

FYI, some new vulnerabilities in mbedTLS:

CVE-2018-9988

Brief description: Buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

upstream patches: ARMmbed/mbedtls@027f84c, ARMmbed/mbedtls@a1098f8

NVD link: https://nvd.nist.gov/vuln/detail/CVE-2018-9988

CVE-2018-9989

Brief description: Buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

upstream patches: ARMmbed/mbedtls@5224a75, ARMmbed/mbedtls@740b218

NVD link: https://nvd.nist.gov/vuln/detail/CVE-2018-9989

As I suggested before, mbed-tls-2.7.x is a better option as it is a long term support version.

If Cypress decides to use mbed-tls-2.6.0, you will have to patch it yourself or upgrade again.

Thank you for the update. I have forwarded your message to the software development team.


FYI, there is a new vulnerability in mbedTLS:

CVE-2018-19608: Local timing attack on RSA decryption

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608