https://github.com|armmbed/mbedtls vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the https://github.com|armmbed/mbedtls package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Use of Uninitialized Resource	[,2.28.10)[3.0.0,3.6.3)
M Insecure Default Initialization of Resource	[,2.28.10)[3.0.0,3.6.3)
C Buffer Underflow	[3.5.0,3.6.2)
H Improper Certificate Validation	[3.2.0,3.6.1)
M Missing Cryptographic Step	[2.26.0,2.28.9)[3.0.0,3.6.1)
H Stack-based Buffer Overflow	[,3.6.1)
M Out-of-bounds Read	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[0,)
M Improper Isolation or Compartmentalization	[,2.28.8)[3.0.0,3.6.0)
M Observable Timing Discrepancy	[,2.28.7)[3.0.0,3.5.2)
M Heap-based Buffer Overflow	[,2.28.7)[3.0.0,3.5.2)
H Buffer Overflow	[,2.28.5)[3.0.0,3.5.0)
H Buffer Overflow	[3.2.0,3.5.0)
M Improperly Implemented Security Check for Standard	[0,)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[3.4.1,3.6.0)
M Use of a Broken or Risky Cryptographic Algorithm	[,2.16.11)[2.17.0,2.27.0)
H Heap-based Buffer Overflow	[,2.28.2)[3.0.0,3.3.0)
M Cryptographic Issues	[,2.28.2)[3.0.0,3.3.0)
M Buffer Overread	[,2.28.1)[3.0.0,3.2.0)
H Denial of Service (DoS)	[,2.16.12)[2.17.0,2.28.0)[3.0.0,3.1.0)
H Buffer Overflow	[,2.7.18)[2.8.0,2.16.9)[2.17.0,2.25.0)
H Improper Certificate Validation	[,2.7.1)
M User Enumeration	[,2.23.0)
M Improper Certificate Validation	[,2.24.0)
M User Enumeration	[,2.26.0)
M User Enumeration	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
H Out-of-bounds Read	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
H Resources Downloaded over Insecure Protocol	[,2.16.7)[2.17.0,2.23.0)
M Privilege Escalation	[2.1.0,2.1.17)[2.7.0,2.7.8)[2.14.0,2.14.1)
M Improper Certificate Validation	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
M Use of a Risky Cryptographic Algorithm	[2.7.0,2.7.15)[2.16.0,2.16.6)
H Improper Certificate Validation	[,1.3.19)
H Information Exposure	[,2.7.17)[2.8.0,2.16.8)[2.17.0,2.24.0)
C Out-of-bounds Write	[1.3.0,1.3.22)[2.1.0,2.1.10)[2.2.0,2.7.0)
M User Enumeration	[,2.16.7)[2.17.0,2.23.0)
H Out-of-bounds Read	[,2.1.11)[2.7.0,2.7.2)
H Improper Certificate Validation	[,2.7.18)[2.8.0,2.16.9)[2.17.0,2.25.0)
H Improper Authentication	[,1.3.21)[2.1.0,2.1.9)
H Out-of-bounds Read	[,2.1.11)[2.7.0,2.7.2)
M Cryptographic Issues	[,2.1.14)[2.2.0,2.7.5)[2.8.0,2.12.0)
M Cryptographic Issues	[,2.1.14)[2.2.0,2.7.5)[2.8.0,2.12.0)
C Out-of-Bounds	[1.3.8,1.3.22)[2.1.0,2.1.10)[2.2.0,2.7.0)
M User Enumeration	[,2.16.7)[2.17.0,2.23.0)
C Integer Overflow or Wraparound	[,2.7.0)
M Missing Encryption of Sensitive Data	[,2.16.5)
M User Enumeration	[,2.7.13)[2.8.0,2.16.4)[2.17.0,2.20.0)
M Information Exposure	[,2.7.12)[2.8.0,2.16.3)[2.17.0,2.19.0)
H Insecure Encryption	[1.0.0,1.1.2)
M Cryptographic Issues	[,1.2.11)
H Resource Management Errors	[,1.2.12)
M Cryptographic Issues	[,0.14.2)
M Out-of-Bounds	[1.3.0,1.3.14)[2.0.0,2.1.2)
H Denial of Service (DoS)	[1.0.0,1.3.9]
H Resource Management Errors	[,1.3.9)
M Cryptographic Issues	[,1.3.8]
M Improper Input Validation	[,1.1.7)[1.2.0,1.2.8)
M Out-of-Bounds	[1.3.0,1.3.14)[2.0.0,2.1.2)
M Improper Input Validation	[,1.2.5)
M Out-of-Bounds	[,1.1.8)
M Cryptographic Issues	[,1.2.9)
L Cryptographic Issues	[,0.9.8y)[1.0.0,1.0.0k)[1.0.1,1.0.1d)[1.2.0,1.2.5)[1.11.0,1.11.8)[1.12.0,1.12.3)[2.1.0,2.1.6)[2.2.0,2.2.6)[2.3.0,2.3.7)

Vulnerability

Vulnerable Version

Use of Uninitialized Resource

[,2.28.10)[3.0.0,3.6.3)

Insecure Default Initialization of Resource

[,2.28.10)[3.0.0,3.6.3)

Buffer Underflow

[3.5.0,3.6.2)

Improper Certificate Validation

[3.2.0,3.6.1)

Missing Cryptographic Step

[2.26.0,2.28.9)[3.0.0,3.6.1)