CVE-2021-44732
- EPSS 2.57%
- Veröffentlicht 20.12.2021 08:15:06
- Zuletzt bearbeitet 05.06.2026 19:38:32
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2020-36478
- EPSS 1.18%
- Veröffentlicht 23.08.2021 02:15:07
- Zuletzt bearbeitet 21.11.2024 05:29:38
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter...
CVE-2020-36477
- EPSS 0.83%
- Veröffentlicht 23.08.2021 02:15:07
- Zuletzt bearbeitet 21.11.2024 05:29:38
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName exten...
CVE-2020-36476
- EPSS 1.55%
- Veröffentlicht 23.08.2021 02:15:06
- Zuletzt bearbeitet 21.11.2024 05:29:37
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
CVE-2020-36475
- EPSS 1.97%
- Veröffentlicht 23.08.2021 02:15:06
- Zuletzt bearbeitet 21.11.2024 05:29:37
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generatin...
CVE-2020-36426
- EPSS 1.69%
- Veröffentlicht 19.07.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:29:28
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
CVE-2020-36425
- EPSS 0.91%
- Veröffentlicht 19.07.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:29:28
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
CVE-2020-36424
- EPSS 0.34%
- Veröffentlicht 19.07.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:29:28
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
CVE-2020-36423
- EPSS 1.2%
- Veröffentlicht 19.07.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:29:28
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
CVE-2020-36422
- EPSS 1.26%
- Veröffentlicht 19.07.2021 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:29:28
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.