PT-2024-41045 — Mbed Tls Mbed Tls

PT-2024-41045 · Mbed Tls · Mbed Tls

Published

2024-02-14

Updated

2024-02-14

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions mbedtls versions 2.28.3 through 2.28.6

Description The issue concerns a buffer overread in TLS stream cipher suites, a timing side channel in private key RSA operations, and a buffer overflow in mbedtls x509 set extension.

Recommendations For mbedtls versions 2.28.3 through 2.28.6, update to version 2.28.7 to fix the security vulnerabilities.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

MGASA-2024-0037

Affected Products

Mbed Tls