Mbed Tls Security Vulnerabilities and Issues — Mbed Tls CVE List

Lucene search

ArmMbed Tls

4 matches found

CVE•added 2021/08/23 2:15 a.m.•75 views

CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

7.5CVSS7.1AI score0.00359EPSS

CVE•added 2021/08/23 2:15 a.m.•64 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate s...

7.5CVSS7.3AI score0.00254EPSS

CVE•added 2021/08/23 2:15 a.m.•58 views

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

7.5CVSS7.3AI score0.0024EPSS

CVE•added 2021/08/23 2:15 a.m.•50 views

CVE-2020-36477

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to...

5.9CVSS5.8AI score0.00206EPSS