CVE-2025-27810

Medium CVSS: 5.4

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Vendor

Arm

Product

Mbed Tls

CWE

CWE-908

Yayın Tarihi

2025-03-25 06:15:41

Güncelleme

2025-10-30 15:05:35

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-908 Mbed Tls MEDIUM Arm 2025

Referanslar

https://github.com/Mbed-TLS/mbedtls/releases https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/

Benzer Kayıtlar

Critical

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of seriali…

High

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in lib…

Critical

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session…

Critical

CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory…

Medium

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occ…

Medium

CVE-2026-34871

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predict…