Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mbed_tls
(Arm)| Repositories | https://github.com/ARMmbed/mbedtls |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-15 | CVE-2020-10932 | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via... | Mbed_tls, Debian_linux, Fedora | 4.7 | ||
| 2022-07-15 | CVE-2022-35409 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration:... | Mbed_tls, Debian_linux | 9.1 | ||
| 2020-09-02 | CVE-2020-16150 | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. | Mbed_tls, Debian_linux, Fedora | 5.5 | ||
| 2020-03-24 | CVE-2020-10941 | Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | Mbed_crypto, Mbed_tls, Debian_linux, Fedora | 5.9 | ||
| 2021-07-14 | CVE-2021-24119 | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | Mbed_tls, Debian_linux, Fedora | 4.9 | ||
| 2021-12-20 | CVE-2021-44732 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | Mbed_tls, Debian_linux | 9.8 | ||
| 2023-01-17 | CVE-2021-36647 | Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | Mbed_tls | 4.7 | ||
| 2021-08-23 | CVE-2020-36477 | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address... | Mbed_tls | 5.9 | ||
| 2021-07-19 | CVE-2020-36421 | An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. | Mbed_tls, Debian_linux | 5.3 | ||
| 2021-07-19 | CVE-2020-36422 | An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable. | Mbed_tls, Debian_linux | 5.3 |