rpm package
suse/mbedtls&distro=SUSE Package Hub 15 SP3
pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2015%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-35409 | Cri | 9.1 | < 2.16.9-bp153.2.8.1 | 2.16.9-bp153.2.8.1 | Jul 15, 2022 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or poss | |
| CVE-2021-24119 | — | < 2.16.9-bp153.2.5.1 | 2.16.9-bp153.2.5.1 | Jul 14, 2021 | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments th |
- affected < 2.16.9-bp153.2.8.1fixed 2.16.9-bp153.2.8.1
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or poss
- CVE-2021-24119Jul 14, 2021affected < 2.16.9-bp153.2.5.1fixed 2.16.9-bp153.2.5.1
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments th