| CVE-2021-24119 |
AVG-2153 |
Medium |
No |
Information disclosure |
In Trusted Firmware Mbed TLS before version 2.26.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers... |
| CVE-2020-16150 |
AVG-1386 |
High |
No |
Private key recovery |
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover... |
| CVE-2020-10932 |
AVG-1141 |
Medium |
No |
Private key recovery |
A side channel attack has been found on the ECDSA implementation of Mbed TLS before 2.22.0, 2.16.6 and 2.7.15, allowing a local attacker with access to... |
| CVE-2019-18222 |
AVG-1104 |
High |
No |
Private key recovery |
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before 3.0.1 and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the blinded... |
| CVE-2018-0497 |
AVG-742 |
High |
Yes |
Information disclosure |
A remote plaintext recovery security issue has been found in Mbed TLS before 2.12.0, 2.7.5 or 2.1.14, when using a CBC based ciphersuite. To be able to... |
| CVE-2018-0488 |
AVG-617 |
High |
Yes |
Arbitrary code execution |
ARM mbed TLS before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2018-0487 |
AVG-617 |
High |
Yes |
Arbitrary code execution |
ARM mbed TLS before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain... |
| CVE-2017-2784 |
AVG-198 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in mbed TLS < 2.4.2. If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an... |