Mbed Tls Security Vulnerabilities and Issues — Mbed Tls CVE List

Lucene search

ArmMbed Tls

3 matches found

CVE•added 2024/09/05 7:15 p.m.•49 views

CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_R...

5.1CVSS6.9AI score0.00018EPSS

CVE•added 2024/09/05 7:15 p.m.•47 views

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() wou...

9.8CVSS7.1AI score0.00241EPSS

CVE•added 2024/09/05 7:15 p.m.•36 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This n...

9.8CVSS7.5AI score0.00528EPSS