CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

arm

mbed_crypto

4 known vulnerabilities · sorted by CVSS score

CVE-2024-28960

HIGH8.2

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

arm / mbed_crypto+5

Network

Published Mar 29, 2024

CVE-2020-10941

MEDIUM5.9

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

arm / mbed_crypto+4

Network

Published Mar 24, 2020

CVE-2019-16910

MEDIUM5.3

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

arm / mbed_crypto+7

Network

Published Sep 26, 2019

CVE-2019-18222

MEDIUM4.7

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

arm / mbed_crypto+6

Local

Published Jan 23, 2020