MbedTLS
by Arm
Source repositories
CVEs (72)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49195 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2024 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair | ||
| CVE-2024-45159 | Cri | 0.64 | 9.8 | 0.00 | Sep 5, 2024 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of… | ||
| CVE-2024-45158 | Cri | 0.64 | 9.8 | 0.01 | Sep 5, 2024 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits… | ||
| CVE-2023-45199 | Cri | 0.64 | 9.8 | 0.01 | Oct 7, 2023 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. | ||
| CVE-2022-46393 | Cri | 0.64 | 9.8 | 0.01 | Dec 15, 2022 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | ||
| CVE-2021-44732 | Cri | 0.64 | 9.8 | 0.03 | Dec 20, 2021 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||
| CVE-2018-0488 | Cri | 0.64 | 9.8 | 0.05 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | ||
| CVE-2018-0487 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | ||
| CVE-2024-30166 | Cri | 0.59 | 9.1 | 0.01 | Apr 3, 2024 | In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. | ||
| CVE-2022-35409 | Cri | 0.59 | 9.1 | 0.02 | Jul 15, 2022 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or… | ||
| CVE-2026-34877 | Cri | 0.57 | 9.8 | 0.00 | Apr 2, 2026 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code… | ||
| CVE-2026-34875 | Cri | 0.57 | 9.8 | 0.00 | Apr 1, 2026 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | ||
| CVE-2017-14032 | Hig | 0.53 | 8.1 | 0.01 | Aug 30, 2017 | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped… | ||
| CVE-2017-2784 | Hig | 0.53 | 8.1 | 0.03 | Apr 20, 2017 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack… | ||
| CVE-2026-34873 | Cri | 0.52 | 9.1 | 0.00 | Apr 1, 2026 | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | ||
| CVE-2026-34872 | Cri | 0.52 | 9.1 | 0.00 | Apr 1, 2026 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values… | ||
| CVE-2024-23744 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2024 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | ||
| CVE-2023-43615 | Hig | 0.49 | 7.5 | 0.01 | Oct 7, 2023 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | ||
| CVE-2021-45450 | Hig | 0.49 | 7.5 | 0.01 | Dec 21, 2021 | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | ||
| CVE-2018-1000520 | Hig | 0.49 | 7.5 | 0.01 | Jun 26, 2018 | ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be… |
- risk 0.64cvss 9.8epss 0.01
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
- risk 0.64cvss 9.8epss 0.00
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits…
- risk 0.64cvss 9.8epss 0.01
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
- risk 0.64cvss 9.8epss 0.03
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
- risk 0.64cvss 9.8epss 0.05
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
- risk 0.64cvss 9.8epss 0.03
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
- risk 0.59cvss 9.1epss 0.01
In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.
- risk 0.59cvss 9.1epss 0.02
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or…
- risk 0.57cvss 9.8epss 0.00
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code…
- risk 0.57cvss 9.8epss 0.00
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
- risk 0.53cvss 8.1epss 0.01
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped…
- risk 0.53cvss 8.1epss 0.03
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack…
- risk 0.52cvss 9.1epss 0.00
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
- risk 0.52cvss 9.1epss 0.00
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
- risk 0.49cvss 7.5epss 0.01
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
- risk 0.49cvss 7.5epss 0.01
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
- risk 0.49cvss 7.5epss 0.01
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be…
Page 1 of 4