2 matches found
Missing Cryptographic Step
Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the mbedtlslmsverify process when internal errors from the createmerkleleafvalue and createmerkleinternalvalue functions are not checked. An attacker can cause the acceptance of invalid signatures by induci...
PT-2025-28012
Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue allows an attacker to bypass LMS signature verification by reusing stale stack data, resulting in the acceptance of an invalid signature. This occurs when unchecked return values in...