Vulnerabilities > ARM > Mbed TLS > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-31 CVE-2024-23775 Integer Overflow or Wraparound vulnerability in ARM Mbed TLS
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
network
low complexity
arm CWE-190
7.5
7.5
2024-01-21 CVE-2023-52353 Session Fixation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS through 3.5.1.
network
low complexity
arm CWE-384
7.5
7.5
2024-01-21 CVE-2024-23744 Unspecified vulnerability in ARM Mbed TLS 3.5.0/3.5.1
An issue was discovered in Mbed TLS 3.5.1.
network
low complexity
arm
7.5
7.5
2023-10-07 CVE-2023-43615 Classic Buffer Overflow vulnerability in multiple products
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
network
low complexity
arm fedoraproject CWE-120
7.5
7.5
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5
7.5
2021-12-21 CVE-2021-45450 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
7.5
2021-08-23 CVE-2020-36476 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
network
low complexity
arm debian CWE-212
7.5
7.5
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5