Mbed Tls Security Vulnerabilities and Issues — Mbed Tls CVE List

Lucene search

ArmMbed Tls

12 matches found

CVE•added 2022/07/15 2:15 p.m.•101 views

CVE-2022-35409

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information di...

9.1CVSS9.1AI score0.00603EPSS

CVE•added 2018/02/13 3:29 p.m.•93 views

CVE-2018-0487

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

9.8CVSS9.4AI score0.1372EPSS

CVE•added 2021/12/20 8:15 a.m.•93 views

CVE-2021-44732

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

9.8CVSS9.3AI score0.00432EPSS

CVE•added 2022/12/15 11:15 p.m.•91 views

CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

9.8CVSS9.5AI score0.00795EPSS

CVE•added 2018/02/14 5:29 p.m.•88 views

CVE-2017-18187

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.

9.8CVSS9.4AI score0.00563EPSS

CVE•added 2018/02/13 3:29 p.m.•86 views

CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

9.8CVSS9.4AI score0.04761EPSS

CVE•added 2024/04/03 3:15 a.m.•59 views

CVE-2024-30166

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

9.1CVSS6.8AI score0.00478EPSS

CVE•added 2024/09/05 7:15 p.m.•49 views

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() wou...

9.8CVSS7.1AI score0.00241EPSS

CVE•added 2024/10/15 8:15 p.m.•47 views

CVE-2024-49195

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

9.8CVSS7.2AI score0.00436EPSS

CVE•added 2023/10/07 1:15 a.m.•40 views

CVE-2023-45199

Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

9.8CVSS9.6AI score0.08551EPSS

CVE•added 2024/09/05 7:15 p.m.•37 views

CVE-2024-45158

An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This n...

9.8CVSS7.5AI score0.00528EPSS

CVE•added 2025/07/20 7:15 p.m.•28 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the functi...

9.8CVSS6.8AI score0.02127EPSS