Vulnerabilities > ARM > Mbed TLS > 2.16.8

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
 9.8
9.8
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
7.5
2021-08-23 CVE-2020-36477 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS before 2.24.0.
network
high complexity
arm CWE-295
5.9
5.9
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in multiple products
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm fedoraproject debian CWE-203
4.9
4.9