Vulnerabilities > ARM > Mbed TLS > 2.26.0

DATE CVE VULNERABILITY TITLE RISK
2021-12-21 CVE-2021-45450 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
 9.8
9.8