| Bug | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2025-52497 | vulnerable | vulnerable | vulnerable | vulnerable | Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer und ... |
| CVE-2025-52496 | vulnerable | vulnerable | vulnerable | vulnerable | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certa ... |
| CVE-2025-49601 | fixed | fixed | vulnerable | vulnerable | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not ... |
| CVE-2025-49600 | fixed | fixed | vulnerable | vulnerable | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid s ... |
| CVE-2025-49087 | fixed | fixed | vulnerable | vulnerable | |
| CVE-2025-48965 | vulnerable | vulnerable | vulnerable | vulnerable | |
| CVE-2025-47917 | vulnerable | vulnerable | vulnerable | vulnerable | |
| CVE-2025-27810 | vulnerable | vulnerable (no DSA) | fixed | fixed | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed ... |
| CVE-2025-27809 | vulnerable | vulnerable (no DSA) | fixed | fixed | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ... |
| CVE-2024-28960 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ... |
| CVE-2024-28755 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL co ... |
| CVE-2024-23775 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x b ... |
| CVE-2024-23170 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3 ... |
| CVE-2022-35409 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0 ... |
| Bug | Description |
|---|
| CVE-2024-49195 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkw ... |
| CVE-2024-45159 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, wh ... |
| CVE-2024-45158 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer o ... |
| CVE-2024-30166 | In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can c ... |
| CVE-2024-28836 | An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiati ... |
| CVE-2024-23744 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handsha ... |
| CVE-2023-52353 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_sess ... |
| CVE-2023-45199 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ... |
| CVE-2022-46393 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ... |
| CVE-2022-46392 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ... |
| CVE-2021-45451 | In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ... |
| CVE-2021-45450 | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ... |
| CVE-2021-44732 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ... |
| CVE-2021-43666 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ... |
| CVE-2021-36647 | Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ... |
| CVE-2021-24119 | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ... |
| CVE-2020-36478 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ... |
| CVE-2020-36477 | An issue was discovered in Mbed TLS before 2.24.0. The verification of ... |
| CVE-2020-36476 | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ... |
| CVE-2020-36475 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ... |
| CVE-2020-36426 | An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ... |
| CVE-2020-36425 | An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ... |
| CVE-2020-36424 | An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ... |
| CVE-2020-36423 | An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ... |
| CVE-2020-36422 | An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ... |
| CVE-2020-36421 | An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ... |
| CVE-2020-16150 | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ... |
| CVE-2020-10941 | Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ... |
| CVE-2020-10932 | An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ... |
| CVE-2019-18222 | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ... |
| CVE-2019-16910 | Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when dete ... |
| CVE-2018-19608 | Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a l ... |
| CVE-2018-9989 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ... |
| CVE-2018-9988 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ... |
| CVE-2018-0498 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows loc ... |
| CVE-2018-0497 | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows rem ... |
| CVE-2018-0488 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ... |
| CVE-2018-0487 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows rem ... |
| CVE-2017-18187 | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through a ... |
| CVE-2017-14032 | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentic ... |
| CVE-2017-2784 | An exploitable free of a stack pointer vulnerability exists in the x50 ... |
| CVE-2015-8036 | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x b ... |
| CVE-2015-5291 | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed ... |