https://github.com|armmbed/mbedtls vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the https://github.com|armmbed/mbedtls package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Timing Attack	[,3.6.5)
M Timing Attack	[,3.6.5)
C Use After Free	[,3.6.4)
M Covert Timing Channel	[3.6.1,3.6.4)
M NULL Pointer Dereference	[,3.6.4)
M Off-by-one Error	[,3.6.4)
M Compiler Optimization Removal or Modification of Security-critical Code	[,3.6.4)
L Missing Cryptographic Step	[3.3.0,3.6.4)
M Out-of-bounds Read	[3.3.0,3.6.4)
M Use of Uninitialized Resource	[,2.28.10)[3.0.0,3.6.3)
M Insecure Default Initialization of Resource	[,2.28.10)[3.0.0,3.6.3)
C Buffer Underflow	[3.5.0,3.6.2)
H Improper Certificate Validation	[3.2.0,3.6.1)
M Missing Cryptographic Step	[2.26.0,2.28.9)[3.0.0,3.6.1)
H Stack-based Buffer Overflow	[,3.6.1)
M Out-of-bounds Read	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[0,)
M Improper Isolation or Compartmentalization	[,2.28.8)[3.0.0,3.6.0)
M Observable Timing Discrepancy	[,2.28.7)[3.0.0,3.5.2)
M Heap-based Buffer Overflow	[,2.28.7)[3.0.0,3.5.2)
H Buffer Overflow	[,2.28.5)[3.0.0,3.5.0)
H Buffer Overflow	[3.2.0,3.5.0)
M Improperly Implemented Security Check for Standard	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[3.4.1,3.6.0)
M Use of a Broken or Risky Cryptographic Algorithm	[,2.16.11)[2.17.0,2.27.0)
H Heap-based Buffer Overflow	[,2.28.2)[3.0.0,3.3.0)
M Cryptographic Issues	[,2.28.2)[3.0.0,3.3.0)
M Buffer Overread	[,2.28.1)[3.0.0,3.2.0)
H Denial of Service (DoS)	[,2.16.12)[2.17.0,2.28.0)[3.0.0,3.1.0)
H Buffer Overflow	[,2.7.18)[2.8.0,2.16.9)[2.17.0,2.25.0)
H Improper Certificate Validation	[,2.7.1)
M User Enumeration	[,2.23.0)
M Improper Certificate Validation	[,2.24.0)
M User Enumeration	[,2.26.0)
M User Enumeration	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
H Out-of-bounds Read	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
H Resources Downloaded over Insecure Protocol	[,2.16.7)[2.17.0,2.23.0)
M Privilege Escalation	[2.1.0,2.1.17)[2.7.0,2.7.8)[2.14.0,2.14.1)
M Improper Certificate Validation	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
M Use of a Risky Cryptographic Algorithm	[2.7.0,2.7.15)[2.16.0,2.16.6)
H Improper Certificate Validation	[,1.3.19)
H Information Exposure	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
C Out-of-bounds Write	[1.3.0,1.3.22)[2.1.0,2.1.10)[2.2.0,2.7.0)
M User Enumeration	[,2.16.7)[2.17.0,2.23.0)
H Out-of-bounds Read	[,2.1.11)[2.7.0,2.7.2)
H Improper Certificate Validation	[,2.7.18)[2.8.0,2.16.9)[2.17.0,2.25.0)
H Improper Authentication	[,1.3.21)[2.1.0,2.1.9)
H Out-of-bounds Read	[,2.1.11)[2.7.0,2.7.2)
M Cryptographic Issues	[,2.1.14)[2.2.0,2.7.5)[2.8.0,2.12.0)
M Cryptographic Issues	[,2.1.14)[2.2.0,2.7.5)[2.8.0,2.12.0)
C Out-of-Bounds	[1.3.8,1.3.22)[2.1.0,2.1.10)[2.2.0,2.7.0)
M User Enumeration	[,2.16.7)[2.17.0,2.23.0)
C Integer Overflow or Wraparound	[,2.7.0)
M Missing Encryption of Sensitive Data	[,2.16.5)
M User Enumeration	[,2.7.13)[2.8.0,2.16.4)[2.17.0,2.20.0)
M Information Exposure	[,2.7.12)[2.8.0,2.16.3)[2.17.0,2.19.0)
H Insecure Encryption	[1.0.0,1.1.2)
M Cryptographic Issues	[,1.2.11)
H Resource Management Errors	[,1.2.12)
M Cryptographic Issues	[,0.14.2)
M Out-of-Bounds	[1.3.0,1.3.14)[2.0.0,2.1.2)
H Denial of Service (DoS)	[1.0.0,1.3.9]
H Resource Management Errors	[,1.3.9)
M Cryptographic Issues	[,1.3.8]
M Improper Input Validation	[,1.1.7)[1.2.0,1.2.8)
M Out-of-Bounds	[1.3.0,1.3.14)[2.0.0,2.1.2)
M Improper Input Validation	[,1.2.5)
M Out-of-Bounds	[,1.1.8)
M Cryptographic Issues	[,1.2.9)

Vulnerability

Vulnerable Version

Timing Attack

[,3.6.5)