VYPR

MbedTLS by Arm

CVEs (72)

  • CVE-2021-45450 | High | Dec 21, 2021
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • CVE-2018-1000520 | High | Jun 26, 2018
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    ARM mbedTLS version 2.7.0 and earlier contains a "Ciphersuite Allows Incorrectly Signed Certificates" vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be. This attack appears to be…

  • CVE-2018-9989 | High | Apr 10, 2018
    risk 0.49 | CVSS 7.5 | EPSS 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

  • CVE-2018-9988 | High | Apr 10, 2018
    risk 0.49 | CVSS 7.5 | EPSS 0.02

    ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

  • CVE-2024-28960 | High | Mar 29, 2024
    risk 0.46 | CVSS 8.2 | EPSS 0.01

    An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

  • CVE-2026-25835 | High | Apr 1, 2026
    risk 0.43 | CVSS 7.7 | EPSS 0.00

    Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

  • CVE-2026-34876 | High | Apr 2, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by…

  • CVE-2026-34874 | High | Apr 1, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

  • CVE-2026-25833 | High | Apr 1, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function.

  • CVE-2024-28755 | Medium | Apr 3, 2024
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing…

  • CVE-2024-23775 | High | Jan 31, 2024
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

  • CVE-2020-36478 | High | Aug 23, 2021
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way,…

  • CVE-2020-36476 | High | Aug 23, 2021
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

  • CVE-2020-36475 | High | Aug 23, 2021
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

  • CVE-2020-36426 | High | Jul 19, 2021
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

  • CVE-2020-36423 | High | Jul 19, 2021
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

  • CVE-2018-0497 | Medium | Jul 28, 2018
    risk 0.39 | CVSS 5.9 | EPSS 0.03

    ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384…

  • CVE-2020-10941 | Medium | Mar 24, 2020
    risk 0.38 | CVSS 5.9 | EPSS 0.02

    Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

  • CVE-2026-34871 | Medium | Apr 1, 2026
    risk 0.37 | CVSS 6.7 | EPSS 0.00

    An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

  • CVE-2020-16150 | Medium | Sep 2, 2020
    risk 0.36 | CVSS 5.5 | EPSS 0.00

    A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.