VYPR

Mbed TLS

by Arm

CVEs (14)

  • CVE-2023-45199 (Critical), published Oct 7, 2023
    risk 0.64, CVSS 9.8, EPSS 0.01

    Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote code execution.

  • CVE-2023-43615 (High), published Oct 7, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

  • CVE-2020-36426 (High), published Jul 19, 2021
    risk 0.42, CVSS 7.5, EPSS 0.02

    An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

  • CVE-2020-36423 (High), published Jul 19, 2021
    risk 0.42, CVSS 7.5, EPSS 0.01

    An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

  • CVE-2020-10941 (Medium), published Mar 24, 2020
    risk 0.38, CVSS 5.9, EPSS 0.02

    Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

  • CVE-2020-16150 (Medium), published Sep 2, 2020
    risk 0.36, CVSS 5.5, EPSS 0.00

    A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

  • CVE-2020-10932 (Medium), published Apr 15, 2020
    risk 0.31, CVSS 4.7, EPSS 0.00

    An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by…

  • CVE-2024-23170 (Medium), published Jan 31, 2024
    risk 0.29, CVSS 5.5, EPSS 0.00

    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages…

  • CVE-2020-36425 (Medium), published Jul 19, 2021
    risk 0.28, CVSS 5.3, EPSS 0.01

    An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

  • CVE-2020-36422 (Medium), published Jul 19, 2021
    risk 0.28, CVSS 5.3, EPSS 0.01

    An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

  • CVE-2020-36421 (Medium), published Jul 19, 2021
    risk 0.28, CVSS 5.3, EPSS 0.02

    An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

  • CVE-2019-16910 (Medium), published Sep 26, 2019
    risk 0.28, CVSS 5.3, EPSS 0.02

    Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times.…

  • CVE-2020-36424 (Medium), published Jul 19, 2021
    risk 0.24, CVSS 4.7, EPSS 0.00

    An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

  • CVE-2019-18222 (Medium), published Jan 23, 2020
    risk 0.24, CVSS 4.7, EPSS 0.00

    The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.