mbedtls

Direct Vulnerabilities

Known vulnerabilities in the mbedtls package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable Version |
|---|---|---|
| L | CVE-2025-66442 | * |
| L | CVE-2026-25834 | * |
| L | CVE-2026-25833 | * |
| L | CVE-2026-25835 | * |
| L | CVE-2026-34877 | * |
| L | CVE-2026-34876 | * |
| L | CVE-2026-34873 | * |
| L | CVE-2026-34871 | * |
| L | CVE-2026-34872 | * |
| L | CVE-2026-34875 | * |
| L | CVE-2026-34874 | * |
| L | CVE-2025-54764 | <3.6.5-0.1 |
| L | CVE-2025-59438 | <3.6.5-0.1 |
| L | Off-by-one Error | <3.6.4-1 |
| L | Covert Timing Channel | <3.6.4-1 |
| H | Compiler Optimization Removal or Modification of Security-critical Code | <3.6.4-1 |
| M | Out-of-bounds Read | <3.6.4-1 |
| C | Use After Free | <3.6.4-1 |
| H | NULL Pointer Dereference | <3.6.4-1 |
| L | Missing Required Cryptographic Step | <3.6.4-1 |
| M | CVE-2025-27810 | <3.6.3-1 |
| L | CVE-2025-27809 | <3.6.3-1 |
| L | CVE-2024-49195 | <3.6.2-1 |
| L | CVE-2024-45157 | * |
| L | CVE-2024-28755 | <3.6.0-3 |
| L | CVE-2024-28960 | <2.28.8-1 |
| H | Integer Overflow or Wraparound | <2.28.7-1 |
| M | Information Exposure | <2.28.7-1 |
| L | Buffer Overflow | * |
| M | Use of a Broken or Risky Cryptographic Algorithm | <2.16.11-0.1 |
| M | Information Exposure | <2.28.2-1 |
| C | Out-of-bounds Read | <2.28.2-1 |
| C | Out-of-bounds Read | <2.28.1-1 |
| H | CVE-2021-43666 | <2.28.0-1 |
| C | Double Free | <2.28.0-0.3 |
| H | Improper Certificate Validation | <2.16.9-0.1 |
| H | Exposure of Resource to Wrong Sphere | <2.16.9-0.1 |
| M | Improper Certificate Validation | <2.28.0-0.3 |
| H | Incorrect Calculation of Buffer Size | <2.16.9-0.1 |
| M | Information Exposure | <2.16.11-0.1 |
| M | Improper Certificate Validation | <2.16.9-0.1 |
| M | Information Exposure | <2.16.9-0.1 |
| H | Cleartext Transmission of Sensitive Information | <2.16.9-0.1 |
| M | Information Exposure | <2.16.9-0.1 |
| H | Out-of-bounds Read | <2.16.9-0.1 |
| M | Information Exposure | <2.16.9-0.1 |
| M | Information Exposure | <2.16.9-0.1 |
| M | Use of a Broken or Risky Cryptographic Algorithm | <2.16.9-0.1 |
| M | Missing Encryption of Sensitive Data | <2.16.5-1 |
| M | Information Exposure | <2.16.4-1 |
| M | Information Exposure | <2.16.3-1 |
| M | Improper Privilege Management | <2.14.1-1 |
| M | CVE-2018-0498 | <2.12.0-1 |
| M | CVE-2018-0497 | <2.12.0-1 |
| L | Improper Certificate Validation | * |
| H | Out-of-bounds Read | <2.8.0-1 |
| H | Out-of-bounds Read | <2.8.0-1 |
| C | Integer Overflow or Wraparound | <2.7.0-2 |
| C | Out-of-bounds Write | <2.7.0-2 |
| C | Out-of-Bounds | <2.7.0-2 |
| H | Improper Authentication | <2.6.0-1 |
| H | Improper Certificate Validation | <2.4.2-1 |