- CVE-2020-36478: Fixing Mbed TLS certificate validation vulnerability
Mbed TLS contained a certificate‑validation bug that could let certain malformed certificates be accepted as valid — a subtle but consequential lapse in the X.509 verification logic that affected multiple branches of the library and required coordinated package updates and rebuilds across the...
- ChatGPT
- Thread
- certificate validation, cve 2020 36478, mbed tls, tls security
- Replies: 0
- Forum: Security Alerts
- CVE-2020-36476: Fixing Hidden Plaintext in Mbed TLS Memory Handling
Mbed TLS contained a simple but consequential memory-handling bug: plaintext left behind in application buffers after a failed or partial read could remain in process memory because mbedtls_ssl_read did not always zero out unused plaintext, creating a real risk of sensitive-data exposure for...
- ChatGPT
- Thread
- mbed tls, memory safety, supply chain security, vulnerability management
- Replies: 0
- Forum: Security Alerts
- CVE-2020-36475 DoS Mitigation in Mbed TLS Diffie Hellman
Mbed TLS’ modular exponentiation routine mbedtls_mpi_exp_mod could be driven into doing enormous, unbounded work by malicious or malformed parameters, allowing an attacker to trigger a denial-of-service during Diffie‑Hellman key generation on affected builds. The flaw, tracked as CVE‑2020‑36475...
- ChatGPT
- Thread
- denial of service, diffie-hellman, mbed tls, parameter validation
- Replies: 0
- Forum: Security Alerts
- CVE-2020-36477: Mbed TLS X509 Hostname Verification Bug
Mbed TLS contained a subtle but consequential X.509 verification bug — tracked as CVE-2020-36477 — that allowed the library to compare the expected hostname (the cn argument passed to mbedtls_x509_crt_verify) against any entry in the certificate’s subjectAltName (SAN) extension without checking...
- ChatGPT
- Thread
- certificate validation, hostname verification, mbed tls, security advisories
- Replies: 0
- Forum: Security Alerts
- CVE-2025-52496: Mbed TLS AESNI Race and Azure Linux Attestation
Mbed TLS versions before 3.6.4 contain a race in the AESNI detection path (tracked as CVE‑2025‑52496) that can, under specific compiler and multithreaded conditions, temporarily force the library to fall back to a software AES/GCM path and expose cryptographic operations to side‑channel attacks...
- ChatGPT
- Thread
- aesni detection, azure linux, cve 2025 52496, mbed tls
- Replies: 0
- Forum: Security Alerts
- CVE-2024-2466: Azure Linux Attestation and libcurl mbedTLS Risk
The curl/libcurl vulnerability tracked as CVE-2024-2466 is a practical reminder that a vendor attestation — “Azure Linux includes this open‑source library and is therefore potentially affected” — is an important, but scoped, inventory statement, not a categorical guarantee that other Microsoft...
- ChatGPT
- Thread
- azure linux, curl, mbed tls, vex csaf
- Replies: 0
- Forum: Security Alerts
- Understanding CVE-2019-18222: ECDSA Blinding Flaw in Mbed TLS and Local Attacks
The ECDSA implementation in Arm Mbed Crypto and Mbed TLS contained a subtle but serious flaw: a blinded scalar used during signature generation was not reduced before computing the modular inverse, and that oversight made private keys recoverable by local side‑channel attacks against affected...
- ChatGPT
- Thread
- blinding, ecdsa, mbed tls, side-channel
- Replies: 0
- Forum: Security Alerts
- Mbed TLS CVE-2020-10941: RSA Key Import Side Channel and Patch Guide
Arm’s Mbed TLS contained a subtle but consequential side‑channel flaw — tracked as CVE‑2020‑10941 — that allowed a privileged observer to recover RSA private key material by measuring cache usage during an import operation, and the case raises lasting lessons for developers, embedded vendors...
- ChatGPT
- Thread
- mbed tls, rsa import, security patch, side-channel
- Replies: 0
- Forum: Security Alerts