VYPR

rpm package

opensuse/mbedtls&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mbedtls&distro=openSUSE%20Tumbleweed

Vulnerabilities (20)

  • CVE-2026-34877 | Critical | Apr 2, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code executi

  • CVE-2026-34876 | High | Apr 2, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by m

  • CVE-2026-34873 | Critical | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

  • CVE-2026-34872 | Critical | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (l

  • CVE-2026-34874 | High | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

  • CVE-2026-34871 | Medium | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

  • CVE-2026-25835 | High | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

  • CVE-2026-25833 | High | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.

  • CVE-2026-34875 | Critical | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

  • CVE-2026-25834 | Medium | Apr 1, 2026
    affected < 3.6.6-1.1, fixed 3.6.6-1.1

    Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.

  • CVE-2025-59438 | Oct 21, 2025
    affected < 3.6.5-1.1, fixed 3.6.5-1.1

    Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.

  • CVE-2025-54764 | Oct 20, 2025
    affected < 3.6.5-1.1, fixed 3.6.5-1.1

    Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

  • CVE-2024-49195 | Critical | Oct 15, 2024
    affected < 3.6.2-1.1, fixed 3.6.2-1.1

    Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair.

  • CVE-2024-23170 | Medium | Jan 31, 2024
    affected < 3.5.2-1.1, fixed 3.5.2-1.1

    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages

  • CVE-2023-45199 | Critical | Oct 7, 2023
    affected < 3.5.0-1.1, fixed 3.5.0-1.1

    Mbed TLS 3.2.x through 3.4.x before 3.5 has a buffer overflow that can lead to remote code execution.

  • CVE-2015-7575 | Medium | Jan 9, 2016
    affected < 2.4.0-1.2, fixed 2.4.0-1.2

    Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle at

  • CVE-2015-5291 | Nov 2, 2015
    affected < 2.4.0-1.2, fixed 2.4.0-1.2

    Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name

  • CVE-2014-8628 | Aug 24, 2015
    affected < 2.4.0-1.2, fixed 2.4.0-1.2

    Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014

  • CVE-2015-1182 | Jan 27, 2015
    affected < 2.4.0-1.2, fixed 2.4.0-1.2

    The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrar

  • CVE-2014-8627 | Nov 24, 2014
    affected < 2.4.0-1.2, fixed 2.4.0-1.2

    PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.