Arm

Mbed Tls

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.43%
  • Veröffentlicht 02.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, lea...

  • EPSS 0.39%
  • Veröffentlicht 02.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len ...

  • EPSS 0.24%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.

  • EPSS 0.27%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 03.04.2026 20:04:38

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

  • EPSS 0.2%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 03.04.2026 20:02:33

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret...

  • EPSS 0.19%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:40:20

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

  • EPSS 0.28%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.

  • EPSS 0.17%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:40:20

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

  • EPSS 0.37%
  • Veröffentlicht 01.04.2026 00:00:00
  • Zuletzt bearbeitet 05.06.2026 19:40:20

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.

  • EPSS 0.24%
  • Veröffentlicht 21.10.2025 00:00:00
  • Zuletzt bearbeitet 23.10.2025 12:35:35

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.