| mbed TLS-3.3.0 | |||
| CVE ID | Affected Status | Notes | Document Link |
| CVE-2024-45159 | affected | Consumes the affected version. Affected versions are Mbed TLS 3.2.0 to 3.6.0 | Limited authentication bypass in TLS 1.3 optional client authentication |
| CVE-2024-45199 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2022-46393 | Not affected | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | |
| CVE-2021-44732 | Affected | All versions of Mbed TLS getting affected | Double Free in mbedtls_ssl_set_session() in an error case. — Mbed TLS documentation |
| CVE-2019-14697 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2022-35409 | Not affected | Not consume the affected version. Affected versions are Mbed TLS 2.28.0 to 3.1.0 | Buffer overread in DTLS ClientHello parsing — Mbed TLS documentation |
| CVE-2024-23744 | Not sure it getting affected or not ( As of my understanding this CVE is not affected) | In Nist website, they mentioned issue was discovered in Mbed TLS 3.5.1. | https://github.com/Mbed-TLS/mbedtls/issues/8694 |
| CVE-2024-23775 | affected | Consumes the affected version. Affected versions are Mbed TLS 2.28.6 to 3.5.1 | Buffer overflow in mbedtls_x509_set_extension() |
| CVE-2023-43615 | affected | All versions of Mbed TLS getting affected | Buffer overread in TLS stream cipher suites — Mbed TLS documentation |
| CVE-2023-52353 | yes affected | Already fixed in CryptoPkg_57 | |
| CVE-2021-43666 | Not sure it getting affected or not | This CVE is exits in 3.0.0. not sure about it affects 3.3.0 version also | https://github.com/Mbed-TLS/mbedtls/pull/5155/files |
| CVE-2018-9989 | Not sure it getting affected or not | In Nist website, they mentioned like issue is in before 2.8.0 Mbed TLS version | https://nvd.nist.gov/vuln/detail/CVE-2018-9989 |
| CVE-2021-45451 | Not sure it getting affected or not | In Nist website, they mentioned like issue is in before 3.1.0 Mbed TLS version | |
| CVE-2020-36478 | Not sure it getting affected or not | But they provided the patch based on the Mbed TLS Version 2.25.0. But our Mbed TLS version is 3.3.0 | Add tag check to cert algorithm check · Mbed-TLS/mbedtls@ca17ebf |
| CVE-2018-9988 | Not sure it getting affected or not | But they provided the patch based on the Mbed TLS Version 2.8.0. But our Mbed TLS version is 3.3.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-9988 |
| CVE-2020-36476 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2021-45450 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2020-36475 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2018-0497 | affected | All versions of Mbed TLS from version 1.2 upwards, including all 2.1, 2.7 and later releases |
Mbed TLS Security Advisory 2018-02 |
| CVE-2020-36477 | Not affected | Based on the NIST website information, affected version is 2.24.0. | |
| CVE-2020-10941 | Not sure it getting affected or not | There is no sufficient details for affected and not affected details. | |
| CVE-2024-23170 | affected | Consumes the affected version. Affected versions are Mbed TLS 2.28.6 to 3.5.1 | Timing side channel in private key RSA operations. — Mbed TLS documentation |
| CVE-2020-16150 | affected | All versions of Mbed TLS getting affected | Local side channel attack on classical CBC decryption in (D)TLS |
| CVE-2020-28928 | Not affected | because, we don’t have docker files | https://github.com/apache/apisix-docker/pull/166/files |
You receive all messages sent to this group.
View/Reply Online (#121360) |
|
Mute This Topic
| New Topic
Your Subscription |
Contact Group Owner |
Unsubscribe
[rebecca@openfw.io]