The vulnerability of the software implementation of the TLS protocol allows attackers to carry out “man-in-the-middle” attacks.

The vulnerability of the Mbed TLS software protocol implementation is related to the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to perform “man-in-the-middle” attacks...

CVE-2024-48982

An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less th...

The vulnerability of the implementation of TLS and SSL software from Mbed TLS allows a attacker to rewrite data in the memory buffer and restore the encrypted RSA key.

The vulnerability of the implementation of TLS and SSL software from Mbed TLS relates to the possibility of writing data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to rewrite data into the memory buffer and restore the encrypted RSA key...

PT-2020-9946 · Arm +2 · Arm Mbed Crypto +3

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.1 through 2.19.1 Arm Mbed Crypto version 2.1 Description: The issue concerns the ECDSA signature implementation in ecdsa.c, which does not reduce the blinded scalar before computing the inverse. This allows a local attacke...