Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/mbedtls@2.16.9-0.1

Type deb

Namespace debian

Name mbedtls

Version 2.16.9-0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-1teg-yvuy-4kga

vulnerability_id VCID-1teg-yvuy-4kga

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46392

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42094
published_at	2026-04-02T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42122
published_at	2026-04-09T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42059
published_at	2026-04-07T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.4211
published_at	2026-04-08T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42143
published_at	2026-04-11T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42106
published_at	2026-04-12T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42081
published_at	2026-04-13T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42133
published_at	2026-04-16T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43805
published_at	2026-04-21T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43872
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

reference_id

4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

reference_id

6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

reference_id

v2.28.2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

reference_id

v3.3.0

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2022-46392

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1teg-yvuy-4kga

url VCID-5bxk-rknm-zfhc

vulnerability_id VCID-5bxk-rknm-zfhc

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23775

reference_id

reference_type

scores

value	0.00394
scoring_system	epss
scoring_elements	0.6034
published_at	2026-04-21T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60316
published_at	2026-04-09T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60337
published_at	2026-04-11T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60304
published_at	2026-04-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60344
published_at	2026-04-16T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60352
published_at	2026-04-18T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60256
published_at	2026-04-02T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60283
published_at	2026-04-04T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60252
published_at	2026-04-07T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60302
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_id

GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_id

IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/

reference_id

mbedtls-security-advisory-2024-01-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2024-23775

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bxk-rknm-zfhc

url VCID-5x2e-paq2-nyf9

vulnerability_id VCID-5x2e-paq2-nyf9

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44732

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76051
published_at	2026-04-01T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76054
published_at	2026-04-02T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76087
published_at	2026-04-04T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76067
published_at	2026-04-07T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76101
published_at	2026-04-08T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76115
published_at	2026-04-09T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.7614
published_at	2026-04-21T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76116
published_at	2026-04-12T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76113
published_at	2026-04-13T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76154
published_at	2026-04-16T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76158
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44732

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631
reference_id	1002631
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2021-44732

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5x2e-paq2-nyf9

url VCID-7ppw-f9jy-k7ae

vulnerability_id VCID-7ppw-f9jy-k7ae

summary Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52497

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.26081
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25957
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26008
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26018
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25918
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25899
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26121
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25887
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26308
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27642
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786
reference_id	1108786
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

reference_id

mbedtls-security-advisory-2025-06-2.md

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:40Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-52497

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ppw-f9jy-k7ae

url VCID-7v3a-5q44-cucz

vulnerability_id VCID-7v3a-5q44-cucz

summary Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48965

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09613
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09562
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13755
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13673
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13806
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13774
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13737
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13688
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18655
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18643
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18673
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790
reference_id	1108790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md

reference_id

mbedtls-security-advisory-2025-06-6.md

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-48965

risk_score 1.8

exploitability 0.5

weighted_severity 3.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v3a-5q44-cucz

url VCID-8vmc-tp28-wyae

vulnerability_id VCID-8vmc-tp28-wyae

summary In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-24119

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71535
published_at	2026-04-21T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71468
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71475
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71492
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71464
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71505
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71517
published_at	2026-04-09T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71539
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71524
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71506
published_at	2026-04-13T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71552
published_at	2026-04-16T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71557
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-24119

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119

reference_url	https://security.archlinux.org/ASA-202107-27
reference_id	ASA-202107-27
reference_type
scores
url	https://security.archlinux.org/ASA-202107-27

reference_url

https://security.archlinux.org/AVG-2153

reference_id

AVG-2153

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2153

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2021-24119

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmc-tp28-wyae

url VCID-98cg-wuhp-qudq

vulnerability_id VCID-98cg-wuhp-qudq

summary Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47917

reference_id

reference_type

scores

value	0.0361
scoring_system	epss
scoring_elements	0.87753
published_at	2026-04-04T12:55:00Z

value	0.0361
scoring_system	epss
scoring_elements	0.87739
published_at	2026-04-02T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88959
published_at	2026-04-18T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88955
published_at	2026-04-21T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88949
published_at	2026-04-12T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88948
published_at	2026-04-13T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88961
published_at	2026-04-16T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.8892
published_at	2026-04-07T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88938
published_at	2026-04-08T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88943
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47917

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791
reference_id	1108791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c
reference_id	CVE-2025-47917
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md

reference_id

mbedtls-security-advisory-2025-06-7.md

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-47917

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98cg-wuhp-qudq

url VCID-f1fz-b8b6-dfb8

vulnerability_id VCID-f1fz-b8b6-dfb8

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23170

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43173
published_at	2026-04-21T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43202
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43215
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43237
published_at	2026-04-18T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43203
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43188
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43248
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43184
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43213
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.4315
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_id

GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_id

IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

reference_id

mbedtls-security-advisory-2024-01-1

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2024-23170

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1fz-b8b6-dfb8

url VCID-gvkn-6e2m-dyez

vulnerability_id VCID-gvkn-6e2m-dyez

summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27809

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23706
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23731
published_at	2026-04-13T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23741
published_at	2026-04-16T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23729
published_at	2026-04-18T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23872
published_at	2026-04-02T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23912
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23701
published_at	2026-04-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23771
published_at	2026-04-08T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23818
published_at	2026-04-09T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23832
published_at	2026-04-11T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23788
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id	1101499
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

reference_id

mbedtls-security-advisory-2025-03-1

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases

reference_id

releases

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/

url

https://github.com/Mbed-TLS/mbedtls/releases

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-27809

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvkn-6e2m-dyez

url VCID-k8w1-nrjy-wfbe

vulnerability_id VCID-k8w1-nrjy-wfbe

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35409

reference_id

reference_type

scores

value	0.01661
scoring_system	epss
scoring_elements	0.82015
published_at	2026-04-02T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82037
published_at	2026-04-04T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82031
published_at	2026-04-07T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82058
published_at	2026-04-08T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82065
published_at	2026-04-09T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82085
published_at	2026-04-11T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82075
published_at	2026-04-12T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82067
published_at	2026-04-13T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82101
published_at	2026-04-18T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82103
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35409

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2022-35409

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8w1-nrjy-wfbe

url VCID-kchn-2wez-bbb2

vulnerability_id VCID-kchn-2wez-bbb2

summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27810

reference_id

reference_type

scores

value	0.00099
scoring_system	epss
scoring_elements	0.26997
published_at	2026-04-21T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27051
published_at	2026-04-13T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.2706
published_at	2026-04-16T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27035
published_at	2026-04-18T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27203
published_at	2026-04-02T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27239
published_at	2026-04-04T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27032
published_at	2026-04-07T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27101
published_at	2026-04-08T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27147
published_at	2026-04-09T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27153
published_at	2026-04-11T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27109
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id	1101499
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/

reference_id

mbedtls-security-advisory-2025-03-2

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases

reference_id

releases

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/

url

https://github.com/Mbed-TLS/mbedtls/releases

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-27810

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kchn-2wez-bbb2

url VCID-pj6w-rufw-nqgd

vulnerability_id VCID-pj6w-rufw-nqgd

summary Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-54764

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03308
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03287
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05464
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05381
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05307
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05308
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05303
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05334
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05356
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0539
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05412
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118750
reference_id	1118750
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118750

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/

reference_id

mbedtls-security-advisory-2025-10-ssbleed-mstep

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-54764

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj6w-rufw-nqgd

url VCID-t2j5-4x1d-2kb1

vulnerability_id VCID-t2j5-4x1d-2kb1

summary Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36647

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12206
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12294
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12276
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12238
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12202
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1209
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12093
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12178
published_at	2026-04-01T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.1234
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12139
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12219
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12269
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36647

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36647
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36647

reference_url

https://kouzili.com/Load-Step.pdf

reference_id

Load-Step.pdf

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/

url

https://kouzili.com/Load-Step.pdf

reference_url

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1

reference_id

mbedtls-security-advisory-2021-07-1

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/

url

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1

reference_url

https://github.com/ARMmbed/mbedtls/releases/

reference_id

releases

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/

url

https://github.com/ARMmbed/mbedtls/releases/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2021-36647

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2j5-4x1d-2kb1

url VCID-vp4q-81cq-33cw

vulnerability_id VCID-vp4q-81cq-33cw

summary Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59438

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.0944
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09457
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12913
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13047
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12981
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13032
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12812
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12815
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13099
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12902
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752
reference_id	1118752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/

reference_id

mbedtls-security-advisory-2025-10-invalid-padding-error

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-59438

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vp4q-81cq-33cw

url VCID-vs6q-c4ug-xfer

vulnerability_id VCID-vs6q-c4ug-xfer

summary An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28755

reference_id

reference_type

scores

value	0.00127
scoring_system	epss
scoring_elements	0.32036
published_at	2026-04-21T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32037
published_at	2026-04-07T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32088
published_at	2026-04-08T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32117
published_at	2026-04-09T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32121
published_at	2026-04-11T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32083
published_at	2026-04-12T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32052
published_at	2026-04-13T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32086
published_at	2026-04-16T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32064
published_at	2026-04-18T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32176
published_at	2026-04-02T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32214
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28755

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
reference_id	1077686
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686

reference_url

https://github.com/hey3e

reference_id

hey3e

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://github.com/hey3e

reference_url

https://hey3e.github.io

reference_id

hey3e.github.io

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://hey3e.github.io

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

reference_id

v3.6.0

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2024-28755

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs6q-c4ug-xfer

url VCID-wsvw-6tmk-3kdj

vulnerability_id VCID-wsvw-6tmk-3kdj

summary mbedtls: Insecure handling of shared memory in PSA Crypto APIs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28960

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35561
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35665
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3569
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3557
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35616
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3564
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35649
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35605
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35582
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35621
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35611
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2272172
reference_id	2272172
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2272172

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

reference_id

5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/

reference_id

6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md

reference_id

mbedtls-security-advisory-2024-03.md

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/

reference_id

NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2024-28960

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsvw-6tmk-3kdj

url VCID-x5we-9dmz-p7bh

vulnerability_id VCID-x5we-9dmz-p7bh

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43666

reference_id

reference_type

scores

value	0.00713
scoring_system	epss
scoring_elements	0.72342
published_at	2026-04-21T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72263
published_at	2026-04-02T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72302
published_at	2026-04-13T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72345
published_at	2026-04-16T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72354
published_at	2026-04-18T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72257
published_at	2026-04-01T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72283
published_at	2026-04-04T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72259
published_at	2026-04-07T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72297
published_at	2026-04-08T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.7231
published_at	2026-04-09T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72332
published_at	2026-04-11T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72316
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666

reference_url

https://github.com/ARMmbed/mbedtls/issues/5136

reference_id

5136

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:50:55Z/

url

https://github.com/ARMmbed/mbedtls/issues/5136

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

aliases CVE-2021-43666

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5we-9dmz-p7bh

url VCID-zpq1-dwvf-8ka2

vulnerability_id VCID-zpq1-dwvf-8ka2

summary Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52496

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09086
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09059
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0917
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09375
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0936
published_at	2026-04-13T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09139
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11445
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11293
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785
reference_id	1108785
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

reference_id

mbedtls-security-advisory-2025-06-1.md

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-08T14:07:04Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.28.3-1

purl pkg:deb/debian/mbedtls@2.28.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1

aliases CVE-2025-52496

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpq1-dwvf-8ka2

Fixing_vulnerabilities

url VCID-4y36-8tq3-abg6

vulnerability_id VCID-4y36-8tq3-abg6

summary An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10932

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14553
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14483
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14488
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14646
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14696
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1477
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14576
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14665
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14725
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14685
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14647
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14591
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10932

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932

reference_url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/

reference_url	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

reference_url	https://tls.mbed.org/tech-updates/security-advisories
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159
reference_id	963159
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159

reference_url	https://security.archlinux.org/ASA-202007-5
reference_id	ASA-202007-5
reference_type
scores
url	https://security.archlinux.org/ASA-202007-5

reference_url

https://security.archlinux.org/AVG-1141

reference_id

AVG-1141

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10932

reference_id

CVE-2020-10932

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10932

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-10932

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4y36-8tq3-abg6

url VCID-5e8e-tdjb-f7c4

vulnerability_id VCID-5e8e-tdjb-f7c4

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36425

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69161
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69177
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69198
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69179
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69229
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69248
published_at	2026-04-09T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6927
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69256
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69227
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-16T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69274
published_at	2026-04-18T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69254
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36425

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e8e-tdjb-f7c4

url VCID-71u1-k3yx-pfgx

vulnerability_id VCID-71u1-k3yx-pfgx

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36421

reference_id

reference_type

scores

value	0.00516
scoring_system	epss
scoring_elements	0.66574
published_at	2026-04-01T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66614
published_at	2026-04-02T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.6664
published_at	2026-04-04T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66611
published_at	2026-04-07T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66659
published_at	2026-04-08T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66673
published_at	2026-04-09T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66692
published_at	2026-04-11T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66679
published_at	2026-04-12T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66647
published_at	2026-04-13T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66682
published_at	2026-04-16T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66696
published_at	2026-04-18T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66681
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421

reference_url

https://github.com/ARMmbed/mbedtls/issues/3394

reference_id

3394

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/issues/3394

reference_url

https://bugs.gentoo.org/730752

reference_id

730752

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://bugs.gentoo.org/730752

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

reference_url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7

reference_id

v2.16.7

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7

reference_url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0

reference_id

v2.23.0

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36421

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71u1-k3yx-pfgx

url VCID-9236-axrw-8qc4

vulnerability_id VCID-9236-axrw-8qc4

summary Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10941

reference_id

reference_type

scores

value	0.00705
scoring_system	epss
scoring_elements	0.72136
published_at	2026-04-21T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7215
published_at	2026-04-18T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72057
published_at	2026-04-01T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72063
published_at	2026-04-02T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72084
published_at	2026-04-04T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7206
published_at	2026-04-07T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72098
published_at	2026-04-08T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72109
published_at	2026-04-09T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72132
published_at	2026-04-11T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72117
published_at	2026-04-12T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72102
published_at	2026-04-13T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72142
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941

reference_url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::
reference_id	cpe:2.3:a:arm:mbed_crypto::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10941

reference_id

CVE-2020-10941

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10941

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-10941

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9236-axrw-8qc4

url VCID-987j-wtrr-7beu

vulnerability_id VCID-987j-wtrr-7beu

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36424

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32626
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32761
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32797
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32618
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32665
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32691
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32692
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32655
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32627
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32642
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32612
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36424

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-987j-wtrr-7beu

url VCID-ewrv-m6gm-y7hc

vulnerability_id VCID-ewrv-m6gm-y7hc

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16150

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.22867
published_at	2026-04-01T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22994
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23012
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.2292
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23036
published_at	2026-04-02T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23081
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.2287
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22942
published_at	2026-04-08T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23107
published_at	2026-04-18T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.2307
published_at	2026-04-21T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23115
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806
reference_id	972806
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806

reference_url	https://security.archlinux.org/ASA-202101-7
reference_id	ASA-202101-7
reference_type
scores
url	https://security.archlinux.org/ASA-202101-7

reference_url

https://security.archlinux.org/AVG-1386

reference_id

AVG-1386

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1386

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-16150
reference_id	CVE-2020-16150
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-16150

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-16150

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewrv-m6gm-y7hc

url VCID-g7w2-d16t-8bd9

vulnerability_id VCID-g7w2-d16t-8bd9

summary The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18222

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31845
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31858
published_at	2026-04-01T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31986
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32027
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31847
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31899
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31928
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31933
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31893
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.3186
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31871
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222

reference_url	https://security.archlinux.org/ASA-202003-7
reference_id	ASA-202003-7
reference_type
scores
url	https://security.archlinux.org/ASA-202003-7

reference_url

https://security.archlinux.org/AVG-1104

reference_id

AVG-1104

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1104

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2019-18222

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7w2-d16t-8bd9

url VCID-jcnd-yb5z-p7d3

vulnerability_id VCID-jcnd-yb5z-p7d3

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36422

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.5662
published_at	2026-04-01T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56716
published_at	2026-04-02T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56737
published_at	2026-04-04T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56715
published_at	2026-04-07T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56766
published_at	2026-04-08T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56771
published_at	2026-04-09T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5678
published_at	2026-04-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56757
published_at	2026-04-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56736
published_at	2026-04-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56767
published_at	2026-04-16T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56764
published_at	2026-04-18T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56738
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36422

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnd-yb5z-p7d3

url VCID-rqxq-rqxu-4fes

vulnerability_id VCID-rqxq-rqxu-4fes

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36475

reference_id

reference_type

scores

value	0.00979
scoring_system	epss
scoring_elements	0.7669
published_at	2026-04-01T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76694
published_at	2026-04-02T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76723
published_at	2026-04-04T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76705
published_at	2026-04-07T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76737
published_at	2026-04-08T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76748
published_at	2026-04-13T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76776
published_at	2026-04-11T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76756
published_at	2026-04-12T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76789
published_at	2026-04-16T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76794
published_at	2026-04-18T12:55:00Z

value	0.00979
scoring_system	epss
scoring_elements	0.76785
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36475

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqxq-rqxu-4fes

url VCID-s1qx-e7uw-c3eq

vulnerability_id VCID-s1qx-e7uw-c3eq

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36476

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.71525
published_at	2026-04-01T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71532
published_at	2026-04-02T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71549
published_at	2026-04-04T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71522
published_at	2026-04-07T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71562
published_at	2026-04-13T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71573
published_at	2026-04-09T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71596
published_at	2026-04-11T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.7158
published_at	2026-04-12T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71606
published_at	2026-04-16T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71611
published_at	2026-04-18T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71591
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36476

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1qx-e7uw-c3eq

url VCID-svsq-har4-dyen

vulnerability_id VCID-svsq-har4-dyen

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36423

reference_id

reference_type

scores

value	0.004
scoring_system	epss
scoring_elements	0.60748
published_at	2026-04-12T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60729
published_at	2026-04-13T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60703
published_at	2026-04-04T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60673
published_at	2026-04-07T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60722
published_at	2026-04-08T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60737
published_at	2026-04-09T12:55:00Z

value	0.004
scoring_system	epss
scoring_elements	0.60761
published_at	2026-04-11T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71198
published_at	2026-04-21T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71128
published_at	2026-04-02T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71213
published_at	2026-04-16T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.7122
published_at	2026-04-18T12:55:00Z

value	0.00663
scoring_system	epss
scoring_elements	0.71118
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36423

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svsq-har4-dyen

url VCID-x682-agtt-myf1

vulnerability_id VCID-x682-agtt-myf1

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36478

reference_id

reference_type

scores

value	0.00518
scoring_system	epss
scoring_elements	0.66677
published_at	2026-04-01T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66717
published_at	2026-04-02T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66743
published_at	2026-04-04T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66716
published_at	2026-04-07T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66764
published_at	2026-04-08T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.6678
published_at	2026-04-09T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.668
published_at	2026-04-11T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66787
published_at	2026-04-12T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66757
published_at	2026-04-13T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66791
published_at	2026-04-16T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66805
published_at	2026-04-18T12:55:00Z

value	0.00518
scoring_system	epss
scoring_elements	0.66788
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36478

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36478

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x682-agtt-myf1

url VCID-ydp2-phc9-m7b1

vulnerability_id VCID-ydp2-phc9-m7b1

summary Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16910

reference_id

reference_type

scores

value	0.00925
scoring_system	epss
scoring_elements	0.76045
published_at	2026-04-21T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76061
published_at	2026-04-18T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.75959
published_at	2026-04-01T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.75962
published_at	2026-04-02T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.75994
published_at	2026-04-04T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.75974
published_at	2026-04-07T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76006
published_at	2026-04-08T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76021
published_at	2026-04-09T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76046
published_at	2026-04-11T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76023
published_at	2026-04-12T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76018
published_at	2026-04-13T12:55:00Z

value	0.00925
scoring_system	epss
scoring_elements	0.76058
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910

reference_url	https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd
reference_id
reference_type
scores
url	https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd

reference_url	https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b
reference_id
reference_type
scores
url	https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b

reference_url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265
reference_id	941265
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::
reference_id	cpe:2.3:a:arm:mbed_crypto::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16910

reference_id

CVE-2019-16910

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16910

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2019-16910

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydp2-phc9-m7b1

url VCID-zyge-82z3-33eq

vulnerability_id VCID-zyge-82z3-33eq

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36426

reference_id

reference_type

scores

value	0.01037
scoring_system	epss
scoring_elements	0.77434
published_at	2026-04-21T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77443
published_at	2026-04-16T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77442
published_at	2026-04-18T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77381
published_at	2026-04-04T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77362
published_at	2026-04-07T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77392
published_at	2026-04-08T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77401
published_at	2026-04-09T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77427
published_at	2026-04-11T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77407
published_at	2026-04-12T12:55:00Z

value	0.01037
scoring_system	epss
scoring_elements	0.77404
published_at	2026-04-13T12:55:00Z

value	0.01043
scoring_system	epss
scoring_elements	0.77417
published_at	2026-04-02T12:55:00Z

value	0.01043
scoring_system	epss
scoring_elements	0.7741
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36426

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1

purl pkg:deb/debian/mbedtls@2.16.9-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1teg-yvuy-4kga

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-5x2e-paq2-nyf9

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-8vmc-tp28-wyae

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-t2j5-4x1d-2kb1

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-x5we-9dmz-p7bh

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

aliases CVE-2020-36426

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyge-82z3-33eq

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1

Package Instance