Search CVE reports

Toggle filters

31 – 40 of 80 results

CVE-2023-43615

Medium priority
Vulnerable

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2021-36647

Medium priority
Vulnerable

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory...

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2022-46393

Medium priority
Vulnerable

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled...

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-46392

Medium priority
Vulnerable

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover...

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-35409

Medium priority
Vulnerable

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up...

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Vulnerable Not affected Not affected
Show less packages

CVE-2021-43666

Medium priority
Vulnerable

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2021-45451

Medium priority
Ignored

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-45450

Medium priority
Vulnerable

In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2021-44732

Medium priority

Some fixes available 2 of 9

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Fixed Fixed
Show less packages

CVE-2020-36478

Medium priority
Needs evaluation

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid....

1 affected package

mbedtls

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mbedtls Not affected Not affected Needs evaluation Needs evaluation
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON