Arm

Mbed TLS

73 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.71%
  • Published 24.03.2022 18:15:08
  • Last modified 02.12.2025 21:15:49

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

  • EPSS 0.14%
  • Published 21.12.2021 07:15:06
  • Last modified 21.11.2024 06:32:14

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

  • EPSS 0.07%
  • Published 21.12.2021 07:15:06
  • Last modified 21.11.2024 06:32:14

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

Exploit
  • EPSS 1.08%
  • Published 20.12.2021 08:15:06
  • Last modified 03.11.2025 20:15:51

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

  • EPSS 0.13%
  • Published 23.08.2021 02:15:07
  • Last modified 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName exten...

Exploit
  • EPSS 0.52%
  • Published 23.08.2021 02:15:07
  • Last modified 21.11.2024 05:29:38

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter...

  • EPSS 0.68%
  • Published 23.08.2021 02:15:06
  • Last modified 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

  • EPSS 0.98%
  • Published 23.08.2021 02:15:06
  • Last modified 21.11.2024 05:29:37

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generatin...

  • EPSS 1.04%
  • Published 19.07.2021 17:15:11
  • Last modified 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

Exploit
  • EPSS 0.59%
  • Published 19.07.2021 17:15:11
  • Last modified 21.11.2024 05:29:28

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.