PT-2021-6444 · Mbed Tls+3

Yuaacindy · Published 2021-11-08 · Updated 2025-06-30 · CVE-2021-43666

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.0.0 and earlier

Description: A denial-of-service issue exists in the mbedtls pkcs12 derivation function when the input password has a length of 0. A remote attacker can exploit this to cause a denial of service. The mbedtls pkcs12 derivation function is part of the Mbed TLS implementation of the TLS and SSL protocols and is affected by an error in handling the length of the input password.

Recommendations: For Mbed TLS versions 3.0.0 and earlier, consider updating to a version where this issue is fixed, since a password of length 0 can cause a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release


Weakness Enumeration

Related Identifiers

ALT-PU-2021-3553
ALT-PU-2022-2561
BDU:2022-01625
CVE-2021-43666
DLA-3249-1
DLA-4236-1

Affected Products

Alt Linux
Astra Linux
Debian
Mbed Tls