ARM mbed TLS 2.28.9

CPE Details

ARM mbed TLS 2.28.9
2.28.9
2025-01-14
14h46 +00:00
2025-01-14
14h46 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:arm:mbed_tls:2.28.9:*:*:*:*:*:*:*

Informations

Vendor

arm

Product

mbed_tls

Version

2.28.9

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-52353 2024-01-20 23h00 +00:00 An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
7.5
High
CVE-2021-36647 2023-01-16 23h00 +00:00 Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
4.7
Medium
CVE-2021-43666 2022-03-23 23h00 +00:00 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
7.5
High
CVE-2021-45451 2021-12-20 23h00 +00:00 In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
7.5
High