7 matches found
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Mbed TLS before versions 2.28.2 and 3.x, prior to 3.3.0. An adversary with access to sufficiently precise information about memory accesses typically, an untrusted operating system attacking a secure environment can retrieve an RSA private key by observing the...
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Mbed TLS before version 2.25.0 and before versions 2.16.9 LTS and 2.7.18 LTS. A NULL algorithm parameter entry resembles an array of REAL values with a size of zero; therefore, the certificate is considered valid. However, if the parameters do not match at all, then the...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
...
DEBIAN-CVE-2024-45157
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...
AZL-47703 CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
...
UBUNTU-CVE-2020-36478
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. A NULL algorithm parameters entry looks identical to an array of REAL size zero and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate...