2 matches found
PT-2025-28012 · Mbed Tls · Mbed Tls
Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue allows an attacker to bypass LMS signature verification by reusing stale stack data, resulting in the acceptance of an invalid signature. This occurs when unchecked return values in...
DEBIAN-CVE-2022-35409
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...