VYPR

rpm package: opensuse/mbedtls-2 (distro: openSUSE Tumbleweed)

pkg:rpm/opensuse/mbedtls-2&distro=openSUSE%20Tumbleweed

Vulnerabilities (19)

  • CVE-2025-27810 (Medium), Mar 25, 2025
    affected: < 2.28.10-1.1; fixed: 2.28.10-1.1

    Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

  • CVE-2025-27809 (Medium), Mar 25, 2025
    affected: < 2.28.10-1.1; fixed: 2.28.10-1.1

    Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

  • CVE-2024-45157 (Medium), Sep 5, 2024
    affected: < 2.28.9-1.1; fixed: 2.28.9-1.1

    An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PS

  • CVE-2024-28960 (High), Mar 29, 2024
    affected: < 2.28.8-1.1; fixed: 2.28.8-1.1

    An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

  • CVE-2024-23170 (Medium), Jan 31, 2024
    affected: < 2.28.7-1.1; fixed: 2.28.7-1.1

    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages

  • CVE-2022-46393 (Critical), Dec 15, 2022
    affected: < 2.28.2-1.1; fixed: 2.28.2-1.1

    An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

  • CVE-2022-35409 (Critical), Jul 15, 2022
    affected: < 2.28.1-1.1; fixed: 2.28.1-1.1

    An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or poss

  • CVE-2021-45450 (High), Dec 21, 2021
    affected: < 2.28.0-1.1; fixed: 2.28.0-1.1

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2021-24119, Jul 14, 2021
    affected: < 2.27.0-2.1; fixed: 2.27.0-2.1

    In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments th

  • CVE-2018-19608 (Medium), Dec 5, 2018
    affected: < 2.27.0-1.2; fixed: 2.27.0-1.2

    Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

  • CVE-2018-0488, Feb 13, 2018
    affected: < 2.27.0-1.2; fixed: 2.27.0-1.2

    ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

  • CVE-2018-0487, Feb 13, 2018
    affected: < 2.27.0-1.2; fixed: 2.27.0-1.2

    ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

  • CVE-2017-14032 (High), Aug 30, 2017
    affected: < 2.27.0-1.2; fixed: 2.27.0-1.2

    ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped wi

  • CVE-2017-2784 (High), Apr 20, 2017
    affected: < 2.27.0-1.2; fixed: 2.27.0-1.2

    An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack po

  • CVE-2015-7575 (Medium), Jan 9, 2016
    affected: < 2.28.3-1.1; fixed: 2.28.3-1.1

    Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle at

  • CVE-2015-5291, Nov 2, 2015
    affected: < 2.28.3-1.1; fixed: 2.28.3-1.1

    Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name

  • CVE-2014-8628, Aug 24, 2015
    affected: < 2.28.3-1.1; fixed: 2.28.3-1.1

    Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014

  • CVE-2015-1182, Jan 27, 2015
    affected: < 2.28.3-1.1; fixed: 2.28.3-1.1

    The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrar

  • CVE-2014-8627, Nov 24, 2014
    affected: < 2.28.3-1.1; fixed: 2.28.3-1.1

    PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.