ARM mbed TLS 2.28.5

CPE Details

Version: 2.28.5
2023-11-27 00h31 +00:00

CPE Name: cpe:2.3:a:arm:mbed_tls:2.28.5:*:*:*:*:*:*:*

Information

Vendor: arm
Product: mbed_tls
Version: 2.28.5

Related CVE


CVE ID | Published | Description | Score | Severity
CVE-2024-45157 | 2024-09-05 00h00 +00:00 | An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. | 5.1 | Medium
CVE-2024-23170 | 2024-01-30 23h00 +00:00 | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. | 5.5 | Medium
CVE-2024-23775 | 2024-01-30 23h00 +00:00 | Integer overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension(). | 7.5 | High
CVE-2023-52353 | 2024-01-20 23h00 +00:00 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | 7.5 | High
CVE-2021-36647 | 2023-01-16 23h00 +00:00 | Use of a broken or risky cryptographic algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS, all versions before 3.0.0, 2.27.0 or 2.16.11, allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. | 4.7 | Medium
CVE-2021-43666 | 2022-03-23 23h00 +00:00 | A denial of service vulnerability exists in Mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | 7.5 | High
CVE-2021-45451 | 2021-12-20 23h00 +00:00 | In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | 7.5 | High