PT-2020-22815 · Arm · Mbed Tls

Published: 2020-12-21 · Updated: 2020-12-21

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

mbedTLS (affected versions not specified)

Description

The issue concerns several security-related problems. One problem is related to the size of the calculations performed by mbedtls_mpi_exp_mod(), which could lead to a potential denial of service when generating Diffie-Hellman key pairs. Another involves failure of the random generator in mbedtls_mpi_fill_random(), potentially causing failures or the use of non-random values in asymmetric cryptography. Additionally, there is a compliance issue: the library does not properly check the tag on algorithm parameters when comparing signatures. Finally, sensitive data is not properly erased from memory in certain functions, including mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(), mbedtls_internal_md*_process(), and mbedtls_internal_ripemd160_process().

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
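
The random-generator failure and memory-erasure problems from the description, shown as an added example that is not Mbed TLS code and not part of the original advisory. It contrasts a routine that ignores the RNG status and leaves its scratch copy behind with one that fails closed and wipes on every exit path. All names (rng_fn, gen_secret_weak, gen_secret_checked, secure_wipe) are hypothetical, and the scratch buffer is caller-supplied only so the effect can be observed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical RNG callback: returns 0 on success, non-zero on failure. */
typedef int (*rng_fn)(unsigned char *out, size_t len);

/* Constructed stand-ins for a healthy and a failed entropy source. */
int rng_ok(unsigned char *o, size_t n) { memset(o, 0xA5, n); return 0; }
int rng_broken(unsigned char *o, size_t n) { (void)o; (void)n; return -1; }

/* Wipe through a volatile pointer so the stores are not dropped as dead writes. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Returns 1 when every byte of buf equals val. */
int all_bytes(const unsigned char *buf, size_t len, unsigned char val)
{
    for (size_t i = 0; i < len; i++) if (buf[i] != val) return 0;
    return 1;
}

/* Weak pattern: RNG status ignored, scratch copy of the secret left in memory. */
int gen_secret_weak(rng_fn rng, unsigned char *work, unsigned char *out, size_t len)
{
    rng(work, len);                 /* a failure here goes unnoticed */
    memcpy(out, work, len);         /* may hand back stale, predictable bytes */
    return 0;                       /* reports success regardless */
}

/* Hardened pattern: fail closed and erase the scratch copy on every exit path. */
int gen_secret_checked(rng_fn rng, unsigned char *work, unsigned char *out, size_t len)
{
    int ret = rng(work, len);
    if (ret == 0) memcpy(out, work, len);
    else secure_wipe(out, len);     /* never return non-random output */
    secure_wipe(work, len);         /* runs on success and on failure */
    return ret;
}

int main(void)
{
    unsigned char work[16], out[16];
    memset(work, 0x11, sizeof work);   /* constructed stale scratch contents */
    printf("weak ret=%d\n", gen_secret_weak(rng_broken, work, out, sizeof out));
    printf("checked ret=%d\n", gen_secret_checked(rng_broken, work, out, sizeof out));
    return 0;
}
```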

Related Identifiers

MGASA-2020-0469

Affected Products

Mbed Tls