Mbed Tls@* Security Vulnerabilities and Issues — Mbed Tls@* CVE List

Lucene search

ArmMbed Tls*

4 matches found

CVE•added 2025/03/25 6:15 a.m.•66 views

CVE-2025-27809

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

5.4CVSS7.4AI score0.00035EPSS

CVE•added 2025/07/20 7:15 p.m.•28 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the functi...

9.8CVSS6.8AI score0.02127EPSS

CVE•added 2025/07/20 6:15 p.m.•24 views

CVE-2025-48965

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

7.5CVSS6.6AI score0.00075EPSS

CVE•added 2025/07/04 3:15 p.m.•23 views

CVE-2025-52497

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

4.8CVSS6.8AI score0.00079EPSS