Arm

Mbed Tls

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 2.57%
  • Veröffentlicht 20.12.2021 08:15:06
  • Zuletzt bearbeitet 05.06.2026 19:38:32

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Exploit
  • EPSS 1.18%
  • Veröffentlicht 23.08.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter...

  • EPSS 0.83%
  • Veröffentlicht 23.08.2021 02:15:07
  • Zuletzt bearbeitet 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName exten...

  • EPSS 1.55%
  • Veröffentlicht 23.08.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

  • EPSS 1.97%
  • Veröffentlicht 23.08.2021 02:15:06
  • Zuletzt bearbeitet 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generatin...

  • EPSS 1.69%
  • Veröffentlicht 19.07.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

Exploit
  • EPSS 0.91%
  • Veröffentlicht 19.07.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

  • EPSS 0.34%
  • Veröffentlicht 19.07.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

  • EPSS 1.2%
  • Veröffentlicht 19.07.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.

  • EPSS 1.26%
  • Veröffentlicht 19.07.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.