📦

mbed_crypto

Vendor: arm

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 6 Total Indexed

Avg. EPSS 0.41% Exploit Prob.

Latest CVE CVE-2024-28960 Mar 29

Security Vulnerability Index

Page 1 / 1

8.2 CVSS

CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

EPSS: 0.15%

Severity: HIGH

Mar 29, 2024

5.9 CVSS

CVE-2020-10941

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

EPSS: 0.71%

Severity: MEDIUM

Mar 24, 2020

4.7 CVSS

CVE-2019-18222

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

EPSS: 0.11%

Severity: MEDIUM

Jan 23, 2020

5.3 CVSS

CVE-2019-16910

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

EPSS: 0.67%

Severity: MEDIUM

Sep 26, 2019

Displaying 4 of 6 Total Entries

Total 1 Sections