Every CVE whose affected-product data names Arm Mbed Tls, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (51)
CVE-2022-46393 — CVSS 9.8 (critical): An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based…
CVE-2017-18187 — CVSS 9.8 (critical): In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the…
CVE-2018-0487 — CVSS 9.8 (critical): ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2018-0488 — CVSS 9.8 (critical): ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to…
CVE-2026-34877 — CVSS 9.8 (critical): An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or…
CVE-2021-44732 — CVSS 9.8 (critical): Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVE-2022-35409 — CVSS 9.1 (critical): An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an…
CVE-2026-34872 — CVSS 9.1 (critical): An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH…
CVE-2025-47917 — CVSS 8.9 (high): Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the…
CVE-2024-28960 — CVSS 8.2 (high): An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API…
CVE-2017-14032 — CVSS 8.1 (high): ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer…
CVE-2025-52496 — CVSS 7.8 (high): Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract…
CVE-2026-25835 — CVSS 7.7 (high): Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2020-36423 — CVSS 7.5 (high): An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure…
CVE-2018-9988 — CVSS 7.5 (high): ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a…
CVE-2020-36426 — CVSS 7.5 (high): An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
CVE-2020-36475 — CVSS 7.5 (high): An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by…
CVE-2020-36476 — CVSS 7.5 (high): An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext…
CVE-2018-1000520 — CVSS 7.5 (high): ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_…
CVE-2021-43666 — CVSS 7.5 (high): A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's…
CVE-2024-23775 — CVSS 7.5 (high): Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via…
CVE-2023-52353 — CVSS 7.5 (high): An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For…
CVE-2018-9989 — CVSS 7.5 (high): ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash…
CVE-2020-36478 — CVSS 7.5 (high): An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks…
CVE-2021-45451 — CVSS 7.5 (high): In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory…
CVE-2026-34871 — CVSS 6.7 (medium): An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a…
CVE-2025-54764 — CVSS 6.2 (medium): Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or…
CVE-2018-0497 — CVSS 5.9 (medium): ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based…
CVE-2020-36477 — CVSS 5.9 (medium): An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn…
CVE-2020-10941 — CVSS 5.9 (medium): Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
CVE-2024-23170 — CVSS 5.5 (medium): An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This…
CVE-2020-16150 — CVSS 5.5 (medium): A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an…
CVE-2025-27810 — CVSS 5.4 (medium): Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory…
CVE-2025-27809 — CVSS 5.4 (medium): Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames…
CVE-2020-36421 — CVSS 5.3 (medium): An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a…
CVE-2020-36425 — CVSS 5.3 (medium): An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor…
CVE-2022-46392 — CVSS 5.3 (medium): An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory…
CVE-2019-16910 — CVSS 5.3 (medium): Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for…
CVE-2020-36422 — CVSS 5.3 (medium): An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to…
CVE-2025-66442 — CVSS 5.1 (medium): In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's…
CVE-2021-24119 — CVSS 4.9 (medium): In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers…
CVE-2025-52497 — CVSS 4.8 (medium): Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse…
CVE-2021-36647 — CVSS 4.7 (medium): Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before…
CVE-2020-36424 — CVSS 4.7 (medium): An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a…
CVE-2020-10932 — CVSS 4.7 (medium): An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel…
CVE-2019-18222 — CVSS 4.7 (medium): The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before…
CVE-2018-19608 — CVSS 4.7 (medium): Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA…
CVE-2018-0498 — CVSS 4.7 (medium): ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based…
CVE-2025-48965 — CVSS 4.0 (medium): Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL…