Vulnerabilities > ARM > Mbed TLS > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-45159 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS 3.x before 3.6.1.
network
low complexity
arm CWE-295
critical
 9.8
9.8
2023-10-07 CVE-2023-45199 Classic Buffer Overflow vulnerability in ARM Mbed TLS 3.2.0/3.3.0
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
network
low complexity
arm CWE-120
critical
 9.8
9.8
2022-12-15 CVE-2022-46393 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
low complexity
arm fedoraproject CWE-787
critical
 9.8
9.8
2022-07-15 CVE-2022-35409 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.
network
low complexity
arm debian CWE-125
critical
 9.1
9.1
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
 9.8
9.8
2018-02-14 CVE-2017-18187 Integer Overflow or Wraparound vulnerability in multiple products
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
network
low complexity
arm debian CWE-190
critical
 9.8
9.8
2018-02-13 CVE-2018-0487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
network
low complexity
arm debian CWE-119
critical
 9.8
9.8
2018-02-13 CVE-2018-0488 Out-of-bounds Write vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
network
low complexity
arm debian CWE-787
critical
 9.8
9.8