Vulnerabilities > ARM > Mbed TLS > 1.3.16

DATE CVE VULNERABILITY TITLE RISK
2024-01-21 CVE-2023-52353 Session Fixation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS through 3.5.1.
network
low complexity
arm CWE-384
7.5
2023-01-17 CVE-2021-36647 Use of a Broken or Risky Cryptographic Algorithm vulnerability in ARM Mbed TLS
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
local
high complexity
arm CWE-327
4.7
2022-12-15 CVE-2022-46392 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
high complexity
arm fedoraproject CWE-203
5.3
2022-12-15 CVE-2022-46393 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
low complexity
arm fedoraproject CWE-787
critical
9.8
2022-07-15 CVE-2022-35409 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.
network
low complexity
arm debian CWE-125
critical
9.1
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
9.8
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
2021-08-23 CVE-2020-36476 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
network
low complexity
arm debian CWE-212
7.5