mbedtls vulnerabilities

Known vulnerabilities in the mbedtls package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-48965	*
L Off-by-one Error	*
L Compiler Optimization Removal or Modification of Security-critical Code	*
L CVE-2025-47917	*
L CVE-2025-27809	*
L CVE-2025-27810	*
L CVE-2024-45157	*
L CVE-2024-28755	*
L CVE-2024-28960	*
L Information Exposure	*
L Integer Overflow or Wraparound	*
L Buffer Overflow	*
M Use of a Broken or Risky Cryptographic Algorithm	<2.16.11-0.1
M Information Exposure	<2.28.2-1
C Out-of-bounds Read	<2.28.2-1
C Out-of-bounds Read	<2.28.1-1
H CVE-2021-43666	<2.28.0-1
C Double Free	<2.28.0-0.3
H Improper Certificate Validation	<2.16.9-0.1
H Exposure of Resource to Wrong Sphere	<2.16.9-0.1
M Improper Certificate Validation	<2.28.0-0.3
H Incorrect Calculation of Buffer Size	<2.16.9-0.1
M Information Exposure	<2.16.11-0.1
M Improper Certificate Validation	<2.16.9-0.1
M Information Exposure	<2.16.9-0.1
H Cleartext Transmission of Sensitive Information	<2.16.9-0.1
M Information Exposure	<2.16.9-0.1
H Out-of-bounds Read	<2.16.9-0.1
M Information Exposure	<2.16.9-0.1
M Information Exposure	<2.16.9-0.1
M Use of a Broken or Risky Cryptographic Algorithm	<2.16.9-0.1
M Missing Encryption of Sensitive Data	<2.16.5-1
M Information Exposure	<2.16.4-1
M Information Exposure	<2.16.3-1
M Improper Privilege Management	<2.14.1-1
M CVE-2018-0497	<2.12.0-1
M CVE-2018-0498	<2.12.0-1
L Improper Certificate Validation	*
H Out-of-bounds Read	<2.8.0-1
H Out-of-bounds Read	<2.8.0-1
C Integer Overflow or Wraparound	<2.7.0-2
C Out-of-Bounds	<2.7.0-2
C Out-of-bounds Write	<2.7.0-2
H Improper Authentication	<2.6.0-1
H Improper Certificate Validation	<2.4.2-1

Vulnerability

Vulnerable Version

CVE-2025-48965