Trustedfirmware Mbed_tls
41 CVEs affecting Trustedfirmware Mbed_tls. Latest disclosed: 2026-04-02. Critical: 11, High: 13.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34877 | Critical | 9.8 | 2026-04-02 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures a… |
| CVE-2026-34875 | Critical | 9.8 | 2026-04-01 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. |
| CVE-2024-49195 | Critical | 9.8 | 2024-10-15 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair |
| CVE-2024-45159 | Critical | 9.8 | 2024-09-05 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certifi… |
| CVE-2024-45158 | Critical | 9.8 | 2024-09-05 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the b… |
| CVE-2023-45199 | Critical | 9.8 | 2023-10-07 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a buffer overflow that can lead to remote code execution. |
| CVE-2022-46393 | Critical | 9.8 | 2022-12-15 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS… |
| CVE-2021-44732 | Critical | 9.8 | 2021-12-20 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. |
| CVE-2026-34873 | Critical | 9.1 | 2026-04-01 | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. |
| CVE-2024-30166 | Critical | 9.1 | 2024-04-03 | In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (o… |
| CVE-2022-35409 | Critical | 9.1 | 2022-07-15 | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello mes… |
| CVE-2024-28960 | High | 8.2 | 2024-03-29 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. |
| CVE-2017-14032 | High | 8.1 | 2017-08-30 | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 c… |
| CVE-2017-2784 | High | 8.1 | 2017-04-20 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x bef… |
| CVE-2026-25835 | High | 7.7 | 2026-04-01 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). |
| CVE-2026-34876 | High | 7.5 | 2026-04-02 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain a… |
| CVE-2026-34874 | High | 7.5 | 2026-04-01 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attac… |
| CVE-2026-25833 | High | 7.5 | 2026-04-01 | Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function. |
| CVE-2024-23775 | High | 7.5 | 2024-01-31 | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_ext… |
| CVE-2024-23744 | High | 7.5 | 2024-01-21 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. |