IDCVSSSummaryLast (major) updatePublished
CVE-2020-10941 4.3
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
24-02-2023 - 00:10 24-03-2020 - 20:15
CVE-2019-18222 1.9
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
03-03-2023 - 15:25 23-01-2020 - 17:15
CVE-2019-16910 2.6
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the
03-03-2023 - 15:24 26-09-2019 - 13:15
CVE-2020-16150 2.1
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a pa
27-02-2023 - 18:03 02-09-2020 - 16:15
CVE-2021-24119 4.0
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software runni
24-02-2023 - 00:11 14-07-2021 - 13:15
CVE-2020-36425 4.3
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
11-01-2023 - 17:02 19-07-2021 - 17:15
CVE-2020-36424 1.9
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
11-01-2023 - 17:02 19-07-2021 - 17:15
CVE-2020-36423 5.0
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
11-01-2023 - 17:02 19-07-2021 - 17:15
CVE-2020-36422 5.0
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
11-01-2023 - 17:01 19-07-2021 - 17:15
CVE-2020-36426 5.0
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
11-01-2023 - 17:02 19-07-2021 - 17:15
CVE-2020-36421 5.0
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
11-01-2023 - 17:01 19-07-2021 - 17:15
CVE-2020-36478 5.0
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameter
11-01-2023 - 17:01 23-08-2021 - 02:15
CVE-2020-36477 4.3
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName exten
13-01-2023 - 19:59 23-08-2021 - 02:15
CVE-2020-36476 5.0
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
11-01-2023 - 17:01 23-08-2021 - 02:15
CVE-2020-36475 5.0
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generatin
11-01-2023 - 17:00 23-08-2021 - 02:15
CVE-2021-44732 7.5
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
24-02-2023 - 00:09 20-12-2021 - 08:15
CVE-2021-45451 5.0
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
08-12-2022 - 22:22 21-12-2021 - 07:15
CVE-2021-43666 5.0
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
20-07-2023 - 15:06 24-03-2022 - 18:15
CVE-2022-35409 None
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This ca
03-03-2023 - 15:33 15-07-2022 - 14:15
CVE-2022-46393 None
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_
08-08-2023 - 14:22 15-12-2022 - 23:15
CVE-2022-46392 None
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key
01-03-2023 - 15:11 15-12-2022 - 23:15
CVE-2021-36647 None
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (
27-01-2023 - 17:56 17-01-2023 - 21:15
CVE-2023-52353 None
An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
29-01-2024 - 15:53 21-01-2024 - 23:15
Back to Top Mark selected
Back to Top