6 matches found
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
PT-2025-12764
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.x through 2.28.9 Mbed TLS versions 3.x through 3.6.2 Description The issue allows servers with trusted certificates for arbitrary hostnames to be accepted by the client unless the TLS client application calls mbedtls ssl se...
ALPINE-CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
PT-2024-1658 · Mbed Tls +3 · Mbed Tls +3
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.x before 2.28.7 Mbed TLS versions 3.x before 3.5.2 Description: A timing side channel in RSA private operations could allow a local attacker to recover the plaintext by sending a large number of messages for decryption, as...
SUSE CVE-2018-0487
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...
CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...