Arm Mbed Tls vulnerabilities

CVE-2025-27809 [MEDIUM] CWE-1188 CVE-2025-27809: Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

CVE-2025-27810 [MEDIUM] CWE-908 CVE-2025-27810: Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

CVE-2024-49195 [CRITICAL] CWE-787 CVE-2024-49195: Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque ke Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

CVE-2024-45159 [CRITICAL] CWE-295 CVE-2024-45159: An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional a An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_U

CVE-2024-45158 [CRITICAL] CWE-121 CVE-2024-45158: An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_t An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can af

CVE-2024-45157 [MEDIUM] CWE-696 CVE-2024-45157: An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected a An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.

CVE-2024-30166 [CRITICAL] CWE-121 CVE-2024-30166: In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

CVE-2024-28755 [MEDIUM] CWE-326 CVE-2024-28755: An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedt An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or f

CVE-2024-28836 [MEDIUM] CWE-835 CVE-2024-28836: An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the serv An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHell

CVE-2024-28960 [HIGH] CWE-284 CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mb An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CVE-2024-23775 [HIGH] CWE-190 CVE-2024-23775: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

CVE-2024-23170 [MEDIUM] CWE-203 CVE-2024-23170: An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" b

CVE-2024-23744 [HIGH] CWE-400 CVE-2024-23744: An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

CVE-2023-52353 [HIGH] CWE-384 CVE-2023-52353: An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotia An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

CVE-2023-45199 [CRITICAL] CWE-120 CVE-2023-45199: Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.

CVE-2023-43615 [HIGH] CWE-120 CVE-2023-43615: Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

CVE-2021-36647 [MEDIUM] CWE-327 CVE-2021-36647: Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c i Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secur

CVE-2022-46393 [CRITICAL] CWE-125 CVE-2022-46393: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-ba An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

CVE-2022-46392 [MEDIUM] CWE-203 CVE-2022-46392: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_

CVE-2022-35409 [CRITICAL] CWE-125 CVE-2022-35409: An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an u An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected config