CVE-2015-8036

🗓️ 02 Nov 2015 19:00:00Reported by mitreType

Heap-based buffer overflow in ARM mbed TLS 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service and possibly execute arbitrary code via a long session ticket name to the session ticket extension

Reporter	Title	Published	Views	Family All 21
CNVD	ARM mbed TLS Heap Buffer Overflow Vulnerability	4 Nov 201500:00	–	cnvd
Cvelist	CVE-2015-8036	2 Nov 201519:00	–	cvelist
Debian	[SECURITY] [DSA 3468-1] polarssl security update	6 Feb 201619:34	–	debian
Debian	[SECURITY] [DSA 3468-1] polarssl security update	6 Feb 201619:34	–	debian
Debian CVE	CVE-2015-8036	2 Nov 201519:00	–	debiancve
Tenable Nessus	Debian DSA-3468-1 : polarssl - security update	8 Feb 201600:00	–	nessus
Tenable Nessus	Fedora 21 : mbedtls-1.3.14-1.fc21 (2015-30a417bea9)	4 Mar 201600:00	–	nessus
Tenable Nessus	openSUSE Security Update : polarssl (openSUSE-2016-932)	5 Aug 201600:00	–	nessus
EUVD	EUVD-2015-7929	7 Oct 202500:30	–	euvd
Mageia	Updated mbedtls/hiawatha/belle-sip/linphone/pdns packages fix security vulnerability	9 Feb 201613:05	–	mageia

NVD

Node

arm mbed_tlsRange1.3.0–1.3.14

arm mbed_tlsRange2.0.0–2.1.2

polarssl polarsslRange≤1.2.17

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

fedoraproject fedoraMatch21

opensuse opensuseMatch13.2

Source	Link
lists	www.lists.opensuse.org/opensuse-updates/2016-08/msg00009.html
guidovranken	www.guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
guidovranken	www.guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
debian	www.debian.org/security/2016/dsa-3468
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
tls	www.tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01

06 May 2026 22:30Current

8High risk

Vulners AI Score8

CVSS 26.8

EPSS0.01445

CWE-119