Mbed TLS

CVEs (17)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-34877	Mbed TLS Mbed TLS	Cri	0.64	9.8	0.00	Apr 2, 2026	An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code…
CVE-2026-34875	Mbed TLS Mbed TLS	Cri	0.64	9.8	0.00	Apr 1, 2026	An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2024-49195	Mbed TLS Mbed TLS	Cri	0.64	9.8	0.01	Oct 15, 2024	Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
CVE-2023-45199	Mbed TLS Mbed TLS	Cri	0.64	9.8	0.09	Oct 7, 2023	Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2026-34873	Mbed TLS Mbed TLS	Cri	0.59	9.1	0.00	Apr 1, 2026	An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
CVE-2026-25835	Mbed TLS Mbed TLS	Hig	0.50	7.7	0.00	Apr 1, 2026	Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-34876	Mbed TLS Mbed TLS	Hig	0.49	7.5	0.00	Apr 2, 2026	An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by…
CVE-2026-34874	Mbed TLS Mbed TLS	Hig	0.49	7.5	0.00	Apr 1, 2026	An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
CVE-2026-25833	Mbed TLS Mbed TLS	Hig	0.49	7.5	0.00	Apr 1, 2026	Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
CVE-2023-43615	Mbed TLS Mbed TLS	Hig	0.49	7.5	0.00	Oct 7, 2023	Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2024-28960	Mbed TLS Mbed Crypto	Hig	0.46	8.2	0.00	Mar 29, 2024	An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2026-34871	Mbed TLS Mbed TLS	Med	0.44	6.7	0.00	Apr 1, 2026	An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
CVE-2026-25834	Mbed TLS Mbed TLS	Med	0.42	6.5	0.00	Apr 1, 2026	Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
CVE-2024-23775	Mbed TLS Mbed TLS	Hig	0.42	7.5	0.00	Jan 31, 2024	Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
CVE-2018-19608	Mbed TLS Mbed TLS	Med	0.31	4.7	0.00	Dec 5, 2018	Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2024-23170	Mbed TLS Mbed TLS	Med	0.29	5.5	0.00	Jan 31, 2024	An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages…
CVE-2025-49087	Mbed TLS Mbed TLS	Med	0.26	4.0	0.00	Jul 20, 2025	In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

CVE-2026-34877CriApr 2, 2026
Mbed TLS
Mbed TLS
risk 0.64cvss 9.8epss 0.00
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code…
CVE-2026-34875CriApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.64cvss 9.8epss 0.00
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2024-49195CriOct 15, 2024
Mbed TLS
Mbed TLS
risk 0.64cvss 9.8epss 0.01
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
CVE-2023-45199CriOct 7, 2023
Mbed TLS
Mbed TLS
risk 0.64cvss 9.8epss 0.09
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2026-34873CriApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.59cvss 9.1epss 0.00
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
CVE-2026-25835HigApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.50cvss 7.7epss 0.00
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-34876HigApr 2, 2026
Mbed TLS
Mbed TLS
risk 0.49cvss 7.5epss 0.00
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by…
CVE-2026-34874HigApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.49cvss 7.5epss 0.00
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
CVE-2026-25833HigApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.49cvss 7.5epss 0.00
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
CVE-2023-43615HigOct 7, 2023
Mbed TLS
Mbed TLS
risk 0.49cvss 7.5epss 0.00
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2024-28960HigMar 29, 2024
Mbed TLS
Mbed Crypto
risk 0.46cvss 8.2epss 0.00
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2026-34871MedApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.44cvss 6.7epss 0.00
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
CVE-2026-25834MedApr 1, 2026
Mbed TLS
Mbed TLS
risk 0.42cvss 6.5epss 0.00
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
CVE-2024-23775HigJan 31, 2024
Mbed TLS
Mbed TLS
risk 0.42cvss 7.5epss 0.00
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
CVE-2018-19608MedDec 5, 2018
Mbed TLS
Mbed TLS
risk 0.31cvss 4.7epss 0.00
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2024-23170MedJan 31, 2024
Mbed TLS
Mbed TLS
risk 0.29cvss 5.5epss 0.00
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages…
CVE-2025-49087MedJul 20, 2025
Mbed TLS
Mbed TLS
risk 0.26cvss 4.0epss 0.00
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.