Vulnerabilities > ARM > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2022-02-28 | CVE-2021-43086 | Out-of-bounds Write vulnerability in ARM Adaptive Scalable Texture Compression Encoder 3.2.0 | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. | network | low complexity | arm | CWE-787 | critical | 9.8 |
| 2021-12-20 | CVE-2021-44732 | Double Free vulnerability in multiple products | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | network | low complexity | arm, debian | CWE-415 | critical | 9.8 |
| 2020-06-18 | CVE-2020-12886 | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | network | low complexity | arm | CWE-125 | critical | 9.1 |
| 2020-06-18 | CVE-2020-12884 | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | network | low complexity | arm | CWE-125 | critical | 9.1 |
| 2020-06-18 | CVE-2020-12883 | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 | Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. | network | low complexity | arm | CWE-125 | critical | 9.1 |
| 2018-02-14 | CVE-2017-18187 | Integer Overflow or Wraparound vulnerability in multiple products | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | network | low complexity | arm, debian | CWE-190 | critical | 9.8 |
| 2018-02-13 | CVE-2018-0488 | Out-of-bounds Write vulnerability in multiple products | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | network | low complexity | arm, debian | CWE-787 | critical | 9.8 |
| 2018-02-13 | CVE-2018-0487 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | network | low complexity | arm, debian | CWE-119 | critical | 9.8 |