Arm Mbed_tls

23 CVEs affecting Arm Mbed_tls. Latest disclosed: 2026-04-02. Critical: 4, High: 8.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34877 | Critical | 9.8 | 2026-04-02 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures a… |
| CVE-2022-46393 | Critical | 9.8 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS… |
| CVE-2021-44732 | Critical | 9.8 | 2021-12-20 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. |
| CVE-2022-35409 | Critical | 9.1 | 2022-07-15 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello mes… |
| CVE-2024-28960 | High | 8.2 | 2024-03-29 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. |
| CVE-2017-14032 | High | 8.1 | 2017-08-30 | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 c… |
| CVE-2017-2784 | High | 8.1 | 2017-04-20 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x bef… |
| CVE-2026-25835 | High | 7.7 | 2026-04-01 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). |
| CVE-2024-23775 | High | 7.5 | 2024-01-31 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_ext… |
| CVE-2023-43615 | High | 7.5 | 2023-10-07 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. |
| CVE-2018-9989 | High | 7.5 | 2018-04-10 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. |
| CVE-2018-9988 | High | 7.5 | 2018-04-10 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. |
| CVE-2026-34871 | Medium | 6.7 | 2026-04-01 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Gen… |
| CVE-2024-23170 | Medium | 5.5 | 2024-01-31 | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could… |
| CVE-2025-27810 | Medium | 5.4 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS… |
| CVE-2025-27809 | Medium | 5.4 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client… |
| CVE-2022-46392 | Medium | 5.3 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically… |
| CVE-2019-16910 | Medium | 5.3 | 2019-09-26 | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which migh… |
| CVE-2021-36647 | Medium | 4.7 | 2023-01-17 | Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before 3.0.0, 2.27.0 or 2… |
| CVE-2020-10932 | Medium | 4.7 | 2020-04-15 | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover th… |