490 matches found
CVE-2026-54919
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...
CVE-2026-54919
cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...
curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0
Summary When an application sets CURLOPTSSLVERIFYPEER=0 while keeping CURLOPTSSLVERIFYHOST=2 the default, the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...
OPENSUSE-SU-2026:21144-1 Security update for mbedtls
This update for mbedtls fixes the following issues: Changes in mbedtls: - Update to 3.6.6 LTS maintenance update from 3.6.1; security fixes accumulated across the 3.6.2-3.6.6 releases: CVE-2024-49195 boo1231708: buffer underrun in pkwrite when writing an opaque key pair CVE-2025-27809 boo1240051:...
OPENSUSE-SU-2026:21145-1 Security update for mbedtls-2
This update for mbedtls-2 fixes the following issues: Changes in mbedtls-2: - Enable SRTP and DTLS protocols needed by some software. - Update to version 2.28.10: Default behavior changes In TLS clients, if mbedtlssslsethostname has not been called, mbedtlssslhandshake now fails with...
Astra Linux – Vulnerability in mbedtls
The use of a broken or risky cryptographic algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS for all versions prior to 3.0.0, 2.27.0, or 2.16.11 allows attackers with access to precise timing and memory access information typically from an untrusted operating system attacking a...
Security update for ovmf (important)
openSUSE security update: security update for ovmf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20875-1 Rating: important References: bsc1261469 bsc1261476 bsc1261477 bsc1261478 Cross-References: CVE-2026-25833 CVE-2026-25834 CVE-2026-25835...
SUSE-SU-2026:21981-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...
OPENSUSE-SU-2026:20875-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2026-25833: mbedtls: buffer overflow in the x509inetptonipv6 function bsc1261476. - CVE-2026-25834: mbedtls: client accepts signature algorithm chosen by server even if not advertised in client hello bsc1261477. - CVE-2026-25835: mbedtls: no...
Astra Linux – Vulnerability in mbedtls
Mbed TLS versions before 3.0.1 have a double-free error under certain out-of-memory conditions, as demonstrated by a failure in the mbedtlssslsetsession function...
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Mbed TLS before version 2.24.0 and before versions 2.16.8 LTS and 2.7.17 LTS. There is a lack of zeroization of plaintext buffers in mbedtlssslread, which is necessary to erase unused application data from memory...
Astra Linux – Vulnerability in mbedtls
Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2026:1952-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1952-1 advisory. This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. -...
Security update for ovmf
This update for ovmf fixes the following issues CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. CVE-2026-34874: mbedtls: NULL pointer...
curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0
The now-well-known CURLOPTSSLVERIFYHOST-bypass-when-CURLOPTSSLVERIFYPEER=0 defect exists in three of curl's TLS backends: rustls EXPERIMENTAL, mbedTLS, and wolfSSL DNS hostnames only. The documented contract at docs/libcurl/opts/CURLOPTSSLVERIFYPEER.md:57-59: The check that the host name in the...
EUVD-2026-29033
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
Zephyr 安全漏洞
Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...
PT-2026-39574
Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...