JLSEC-2025-187 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware ...

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

CVE-2020-10941

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information an RSA private key by measuring cache usage during an import...