Mbed Tls Security Vulnerabilities and Issues — Mbed Tls CVE List

Lucene search

ArmMbed Tls

4 matches found

CVE•added 2024/01/31 8:15 a.m.•95 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as ...

5.5CVSS5.3AI score0.00175EPSS

CVE•added 2024/01/31 8:15 a.m.•83 views

CVE-2024-23775

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

7.5CVSS7.1AI score0.00285EPSS

CVE•added 2024/01/21 11:15 p.m.•65 views

CVE-2023-52353

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

7.5CVSS7.5AI score0.00061EPSS

CVE•added 2024/01/21 11:15 p.m.•45 views

CVE-2024-23744

An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

7.5CVSS7.4AI score0.00073EPSS