Total: 45 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23775 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 7.5 HIGH |
Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). | |||||
CVE-2023-52353 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | |||||
CVE-2024-23170 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. | |||||
CVE-2023-45199 | 1 Arm | 1 Mbed Tls | 2024-02-28 | N/A | 9.8 CRITICAL |
Mbed TLS 3.2.x through 3.4.x before 3.5 has a buffer overflow that can lead to remote code execution. | |||||
CVE-2023-43615 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2024-02-28 | N/A | 7.5 HIGH |
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a buffer overflow. | |||||