Vulnerabilities > ARM > Mbed TLS > 1.3.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-13 | CVE-2018-0487 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | 7.5 |
2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 6.8 |
2017-04-20 | CVE-2017-2784 | Improper Certificate Validation vulnerability in ARM Mbed TLS An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. | 6.8 |
2015-11-02 | CVE-2015-8036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. | 6.8 |
2015-11-02 | CVE-2015-5291 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. | 6.8 |