mbedtls

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Portable cryptographic and SSL/TLS library, aka polarssl
Version 2.27.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2153 2.25.0-1 2.26.0-1 Medium Fixed
AVG-1386 2.16.7-1 2.25.0-1 High Fixed FS#69128
AVG-1141 2.16.5-1 2.16.7-1 Medium Fixed
AVG-1104 2.16.3-1 2.16.5-1 High Fixed
AVG-742 2.8.0-1 2.12.0-1 High Fixed
AVG-617 2.6.0-1 2.7.0-1 High Fixed
AVG-198 2.4.0-1 2.4.2-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2021-24119 AVG-2153 Medium No Information disclosure
In Trusted Firmware Mbed TLS before version 2.26.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers...
CVE-2020-16150 AVG-1386 High No Private key recovery
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover...
CVE-2020-10932 AVG-1141 Medium No Private key recovery
A side channel attack has been found on the ECDSA implementation of Mbed TLS before 2.22.0, 2.16.6 and 2.7.15, allowing a local attacker with access to...
CVE-2019-18222 AVG-1104 High No Private key recovery
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before 3.0.1 and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the blinded...
CVE-2018-0497 AVG-742 High Yes Information disclosure
A remote plaintext recovery security issue has been found in Mbed TLS before 2.12.0, 2.7.5 or 2.1.14, when using a CBC based ciphersuite. To be able to...
CVE-2018-0488 AVG-617 High Yes Arbitrary code execution
ARM mbed TLS before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2018-0487 AVG-617 High Yes Arbitrary code execution
ARM mbed TLS before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain...
CVE-2017-2784 AVG-198 Critical Yes Arbitrary code execution
A security issue has been found in mbed TLS < 2.4.2. If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an...

Advisories

Date Advisory Group Severity Type
14 Jul 2021 ASA-202107-27 AVG-2153 Medium information disclosure
08 Jan 2021 ASA-202101-7 AVG-1386 High private key recovery
31 Jul 2020 ASA-202007-5 AVG-1141 Medium private key recovery
11 Mar 2020 ASA-202003-7 AVG-1104 High private key recovery
24 Feb 2018 ASA-201802-15 AVG-617 High arbitrary code execution
20 Mar 2017 ASA-201703-16 AVG-198 Critical arbitrary code execution