VYPR

mbedtls

by ARMmbed

CVEs (4)

  • CVE-2021-44732CriDec 20, 2021
    risk 0.64cvss 9.8epss 0.03

    Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

  • CVE-2021-45451HigDec 21, 2021
    risk 0.49cvss 7.5epss 0.01

    In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2021-45450HigDec 21, 2021
    risk 0.49cvss 7.5epss 0.01

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2021-36647MedJan 17, 2023
    risk 0.31cvss 4.7epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted…