Mbed Tls Security Vulnerabilities and Issues — Mbed Tls CVE List

Lucene search

ArmMbed Tls

9 matches found

CVE•added 2020/04/15 2:15 p.m.•159 views

CVE-2020-10932

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side chan...

4.7CVSS4.7AI score0.00027EPSS

CVE•added 2023/01/17 9:15 p.m.•132 views

CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking...

4.7CVSS4.5AI score0.00036EPSS

CVE•added 2020/01/23 5:15 p.m.•114 views

CVE-2019-18222

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

4.7CVSS4.6AI score0.0006EPSS

CVE•added 2021/07/14 1:15 p.m.•111 views

CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single st...

4.9CVSS4.9AI score0.00354EPSS

CVE•added 2018/07/28 5:29 p.m.•98 views

CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

4.7CVSS4.8AI score0.00193EPSS

CVE•added 2018/12/05 10:29 p.m.•68 views

CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

4.7CVSS4.5AI score0.00254EPSS

CVE•added 2021/07/19 5:15 p.m.•53 views

CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

4.7CVSS5.4AI score0.00086EPSS

CVE•added 2025/07/04 3:15 p.m.•11 views

CVE-2025-52497

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

4.8CVSS6.8AI score0.00056EPSS

CVE•added 2025/07/04 3:15 p.m.•9 views

CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can in...

4.9CVSS7AI score0.00008EPSS