Vulnerabilities > ARM > Mbed TLS > 2.7.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000520 Improper Certificate Validation vulnerability in ARM Mbed TLS
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be..
network
low complexity
arm CWE-295
7.5
7.5
2018-04-10 CVE-2018-9989 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
7.5
2018-04-10 CVE-2018-9988 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
7.5
2018-02-14 CVE-2017-18187 Integer Overflow or Wraparound vulnerability in multiple products
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
network
low complexity
arm debian CWE-190
critical
 9.8
9.8