Vulnerabilidades en Mbed

9 resultados

CVE-2025-47917HIGHMbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation.EPSS 2.0%CVE-2025-48965MEDIUMMbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL bEPSS 0.5%CVE-2025-49087MEDIUMIn Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plainteEPSS 0.4%CVE-2025-52497MEDIUMMbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions,EPSS 0.3%CVE-2025-27810MEDIUMMbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory EPSS 0.3%CVE-2025-49601MEDIUMIn MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-biEPSS 0.3%CVE-2025-52496HIGHMbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract anEPSS 0.2%CVE-2025-27809MEDIUMMbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unlEPSS 0.2%CVE-2025-49600MEDIUMIn MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, EPSS 0.1%