Direct Vulnerabilities

Known vulnerabilities in the mbedtls package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| L | CVE-2026-25834 | * |
| L | CVE-2025-66442 | * |
| L | CVE-2026-25833 | * |
| L | CVE-2026-25835 | * |
| L | CVE-2026-34877 | * |
| L | CVE-2026-34876 | * |
| L | CVE-2026-34875 | * |
| L | CVE-2026-34872 | * |
| L | CVE-2026-34873 | * |
| L | CVE-2026-34874 | * |
| L | CVE-2026-34871 | * |
| L | CVE-2025-54764 | <3.6.5-0.1 |
| L | CVE-2025-59438 | <3.6.5-0.1 |
| L | Buffer Overflow | * |
| H | Improper Certificate Validation | <2.16.9-0.1 |
| H | Incorrect Calculation of Buffer Size | <2.16.9-0.1 |
| H | Out-of-bounds Read | <2.8.0-1 |
| M | CVE-2018-0497 | <2.12.0-1 |
| C | Double Free | <2.28.0-0.3 |
| M | Information Exposure | <2.16.3-1 |
| H | Integer Overflow or Wraparound | <2.28.7-1 |
| L | CVE-2025-27809 | <3.6.3-1 |
| M | Use of a Broken or Risky Cryptographic Algorithm | <2.16.9-0.1 |
| H | NULL Pointer Dereference | <3.6.4-1 |
| M | Improper Certificate Validation | <2.28.0-0.3 |
| M | Improper Certificate Validation | <2.16.9-0.1 |
| L | Off-by-one Error | <3.6.4-1 |
| L | CVE-2024-45157 | * |
| H | Out-of-bounds Read | <2.8.0-1 |
| M | Information Exposure | <2.28.2-1 |
| H | Improper Certificate Validation | <2.4.2-1 |
| H | Out-of-bounds Read | <2.16.9-0.1 |
| M | Information Exposure | <2.16.9-0.1 |
| H | Exposure of Resource to Wrong Sphere | <2.16.9-0.1 |
| M | Improper Privilege Management | <2.14.1-1 |
| L | Improper Certificate Validation | * |
| L | Covert Timing Channel | <3.6.4-1 |
| H | Cleartext Transmission of Sensitive Information | <2.16.9-0.1 |
| L | CVE-2024-28960 | <2.28.8-1 |
| H | CVE-2021-43666 | <2.28.0-1 |
| C | Out-of-bounds Read | <2.28.1-1 |
| H | Improper Authentication | <2.6.0-1 |
| L | CVE-2024-49195 | <3.6.2-1 |
| M | Information Exposure | <2.16.9-0.1 |
| H | Compiler Optimization Removal or Modification of Security-critical Code | <3.6.4-1 |
| M | Out-of-bounds Read | <3.6.4-1 |
| M | CVE-2025-27810 | <3.6.3-1 |
| M | Information Exposure | <2.16.4-1 |
| M | Use of a Broken or Risky Cryptographic Algorithm | <2.16.11-0.1 |
| M | Missing Encryption of Sensitive Data | <2.16.5-1 |
| C | Out-of-Bounds | <2.7.0-2 |
| C | Use After Free | <3.6.4-1 |
| L | CVE-2024-28755 | <3.6.0-3 |
| L | Missing Required Cryptographic Step | <3.6.4-1 |
| C | Out-of-bounds Read | <2.28.2-1 |
| M | Information Exposure | <2.28.7-1 |
| M | Information Exposure | <2.16.9-0.1 |
| M | Information Exposure | <2.16.11-0.1 |
| C | Out-of-bounds Write | <2.7.0-2 |
| C | Integer Overflow or Wraparound | <2.7.0-2 |
| M | Information Exposure | <2.16.9-0.1 |
| M | CVE-2018-0498 | <2.12.0-1 |