CRITICAL 9.8 CVE-2026-34877 An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0.
from 0
CRITICAL 9.8 CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0.
from 0
CRITICAL 9.8 mbedtls - security update
from 0, < 2.16.9-0.1+deb11u3
CRITICAL 9.8 mbedtls - security update
from 0, < 2.16.9-0.1+deb11u3
CRITICAL 9.8 mbedtls - security update
from 0, < 2.16.9-0.1+deb11u2
CRITICAL 9.8 Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
from 0, < 3.6.2-1
CRITICAL 9.8 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
from 0, < 2.28.2-1
CRITICAL 9.8 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
from 0, < 2.16.9-0.1+deb11u1
CRITICAL 9.8 polarssl - security update
from 0, < 2.4.2-1+deb9u2
CRITICAL 9.8 polarssl - security update
from 0, < 2.7.0-2
CRITICAL 9.8 ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to…
from 0, < 2.7.0-2
CRITICAL 9.8 ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service…
from 0, < 2.7.0-2
CRITICAL 9.1 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0.
from 0
CRITICAL 9.1 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0.
from 0
CRITICAL 9.1 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.
from 0
HIGH 8.2 An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto.
from 0
HIGH 8.1 mbedtls - security update
from 0, < 2.4.2-1+deb9u1
HIGH 8.1 mbedtls - security update
from 0, < 2.6.0-1
HIGH 8.1 An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before…
from 0, < 2.4.2-1
HIGH 7.8 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur.
from 0, < 2.16.9-0.1+deb11u2
HIGH 7.7 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
from 0
HIGH 7.5 An issue was discovered in Mbed TLS 3.x before 3.6.6.
from 0
HIGH 7.5 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0.
from 0
HIGH 7.5 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
from 0
HIGH 7.5 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL…
from 0, < 2.16.9-0.1+deb11u2
HIGH 7.5 Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via…
from 0
HIGH 7.5 Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
from 0
HIGH 7.5 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's l…
from 0, < 2.16.9-0.1+deb11u1
HIGH 7.5 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
from 0, < 2.16.9-0.1
HIGH 7.5 An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
from 0, < 2.16.9-0.1
HIGH 7.5 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
from 0, < 2.16.9-0.1
HIGH 7.5 An issue was discovered in Arm Mbed TLS before 2.24.0.
from 0, < 2.16.9-0.1
HIGH 7.5 An issue was discovered in Arm Mbed TLS before 2.23.0.
from 0, < 2.16.9-0.1
HIGH 7.5 ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify…
from 0
HIGH 7.5 ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash o…
from 0, < 2.8.0-1
HIGH 7.5 mbedtls - security update
from 0, < 2.4.2-1+deb9u4
HIGH 7.5 mbedtls - security update
from 0, < 2.8.0-1
MEDIUM 6.7 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0.
from 0, < 2.16.9-0.1+deb11u4
MEDIUM 6.5 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
from 0
MEDIUM 6.5 In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-b…
from 0, < 3.6.4-1
MEDIUM 6.5 An issue was discovered in Mbed TLS 3.5.x before 3.6.0.
from 0
MEDIUM 6.2 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_g…
from 0
MEDIUM 5.9 An issue was discovered in Mbed TLS before 2.24.0.
from 0, < 2.28.0-0.3
MEDIUM 5.9 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
from 0, < 2.16.5-1
MEDIUM 5.9 mbedtls - security update
from 0, < 2.12.0-1
MEDIUM 5.9 mbedtls - security update
from 0, < 2.4.2-1+deb9u3
MEDIUM 5.5 An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2.
from 0
MEDIUM 5.5 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attack…
from 0, < 2.16.9-0.1
MEDIUM 5.4 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames un…
from 0
MEDIUM 5.3 Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
from 0, < 2.16.9-0.1+deb11u4
MEDIUM 5.3 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
from 0, < 2.16.9-0.1+deb11u1
MEDIUM 5.3 An issue was discovered in Arm Mbed TLS before 2.24.0.
from 0, < 2.16.9-0.1
MEDIUM 5.3 An issue was discovered in Arm Mbed TLS before 2.23.0.
from 0, < 2.16.9-0.1
MEDIUM 5.3 An issue was discovered in Arm Mbed TLS before 2.23.0.
from 0, < 2.16.9-0.1
MEDIUM 5.3 mbedtls - security update
from 0, < 2.16.9-0~deb10u1
MEDIUM 5.3 mbedtls - security update
from 0, < 2.16.3-1
MEDIUM 5.1 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's sel…
from 0
MEDIUM 5.1 An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used.
from 0
MEDIUM 4.9 In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked,…
from 0, < 3.6.4-1
MEDIUM 4.9 mbedtls - security update
from 0, < 2.16.9-0.1+deb11u1
MEDIUM 4.9 mbedtls - security update
from 0, < 2.16.9-0.1+deb11u1
MEDIUM 4.8 Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions…
from 0, < 2.16.9-0.1+deb11u2
MEDIUM 4.8 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory…
from 0
MEDIUM 4.7 Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before…
from 0, < 2.16.9-0.1+deb11u1
MEDIUM 4.7 An issue was discovered in Arm Mbed TLS before 2.24.0.
from 0, < 2.16.9-0.1
MEDIUM 4.7 An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15.
from 0, < 2.16.9-0.1
MEDIUM 4.7 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before…
from 0, < 2.16.4-1
MEDIUM 4.7 Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption…
from 0, < 2.14.1-1
MEDIUM 4.7 ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphe…
from 0, < 2.12.0-1
LOW 3.7 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaint…
from 0, < 3.6.4-1