Package Instance

reference_id

releases

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

reference_url

reference_id

security-advisories

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

fixed_packages

aliases

CVE-2024-45157

risk_score

2.3

exploitability

0.5

weighted_severity

4.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4sbv-dqyv-6baw

url VCID-5bxk-rknm-zfhc

vulnerability_id VCID-5bxk-rknm-zfhc

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23775

reference_id

reference_type

scores

value	0.00394
scoring_system	epss
scoring_elements	0.6034
published_at	2026-04-21T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60316
published_at	2026-04-09T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60337
published_at	2026-04-11T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60304
published_at	2026-04-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60344
published_at	2026-04-16T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60352
published_at	2026-04-18T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60256
published_at	2026-04-02T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60283
published_at	2026-04-04T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60252
published_at	2026-04-07T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60302
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_id

GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_id

IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/

reference_id

mbedtls-security-advisory-2024-01-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.7-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-23775

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bxk-rknm-zfhc

url VCID-7ppw-f9jy-k7ae

vulnerability_id VCID-7ppw-f9jy-k7ae

summary Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52497

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.26081
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25957
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26008
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26018
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25918
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25899
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26121
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25887
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26308
published_at	2026-04-12T12:55:00Z

value	0.001
scoring_system	epss
scoring_elements	0.27642
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786
reference_id	1108786
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

reference_id

mbedtls-security-advisory-2025-06-2.md

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:40Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-52497

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ppw-f9jy-k7ae

url VCID-7v3a-5q44-cucz

vulnerability_id VCID-7v3a-5q44-cucz

summary Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-48965

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09613
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09562
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13755
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13673
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13806
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13774
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13737
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13688
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18655
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18643
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18673
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-48965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790
reference_id	1108790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md

reference_id

mbedtls-security-advisory-2025-06-6.md

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-48965

risk_score 1.8

exploitability 0.5

weighted_severity 3.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v3a-5q44-cucz

url VCID-98cg-wuhp-qudq

vulnerability_id VCID-98cg-wuhp-qudq

summary Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47917

reference_id

reference_type

scores

value	0.0361
scoring_system	epss
scoring_elements	0.87753
published_at	2026-04-04T12:55:00Z

value	0.0361
scoring_system	epss
scoring_elements	0.87739
published_at	2026-04-02T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88959
published_at	2026-04-18T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88955
published_at	2026-04-21T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88949
published_at	2026-04-12T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88948
published_at	2026-04-13T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88961
published_at	2026-04-16T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.8892
published_at	2026-04-07T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88938
published_at	2026-04-08T12:55:00Z

value	0.04351
scoring_system	epss
scoring_elements	0.88943
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47917

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791
reference_id	1108791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c
reference_id	CVE-2025-47917
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md

reference_id

mbedtls-security-advisory-2025-06-7.md

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	8.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-47917

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98cg-wuhp-qudq

url VCID-f1fz-b8b6-dfb8

vulnerability_id VCID-f1fz-b8b6-dfb8

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23170

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43173
published_at	2026-04-21T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43202
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43215
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43237
published_at	2026-04-18T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43203
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43188
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43248
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43184
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43213
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.4315
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_id

GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_id

IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

reference_id

mbedtls-security-advisory-2024-01-1

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/

fixed_packages

url	pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.7-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-23170

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1fz-b8b6-dfb8

url VCID-gvkn-6e2m-dyez

vulnerability_id VCID-gvkn-6e2m-dyez

summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27809

reference_id

reference_type

scores

value	0.00081
scoring_system	epss
scoring_elements	0.23706
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23731
published_at	2026-04-13T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23741
published_at	2026-04-16T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23729
published_at	2026-04-18T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23872
published_at	2026-04-02T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23912
published_at	2026-04-04T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23701
published_at	2026-04-07T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23771
published_at	2026-04-08T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23818
published_at	2026-04-09T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23832
published_at	2026-04-11T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23788
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id	1101499
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

reference_id

mbedtls-security-advisory-2025-03-1

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

reference_url

reference_id

releases

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27810

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-27809

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvkn-6e2m-dyez

url VCID-kchn-2wez-bbb2

vulnerability_id VCID-kchn-2wez-bbb2

summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

references

reference_url

reference_id

reference_type

scores

value	0.00099
scoring_system	epss
scoring_elements	0.26997
published_at	2026-04-21T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27051
published_at	2026-04-13T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.2706
published_at	2026-04-16T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27035
published_at	2026-04-18T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27203
published_at	2026-04-02T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27239
published_at	2026-04-04T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27032
published_at	2026-04-07T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27101
published_at	2026-04-08T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27147
published_at	2026-04-09T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27153
published_at	2026-04-11T12:55:00Z

value	0.00099
scoring_system	epss
scoring_elements	0.27109
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499
reference_id	1101499
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/

reference_id

mbedtls-security-advisory-2025-03-2

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/

reference_url

reference_id

releases

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54764

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-27810

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kchn-2wez-bbb2

url VCID-pj6w-rufw-nqgd

vulnerability_id VCID-pj6w-rufw-nqgd

summary Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

references

reference_url

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03308
published_at	2026-04-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03287
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05464
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05381
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05307
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05308
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05303
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05334
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05356
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0539
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05412
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118750
reference_id	1118750
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118750

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/

reference_id

mbedtls-security-advisory-2025-10-ssbleed-mstep

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-54764

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj6w-rufw-nqgd

url VCID-vp4q-81cq-33cw

vulnerability_id VCID-vp4q-81cq-33cw

summary Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59438

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.0944
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09457
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12913
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13047
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12981
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13032
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12812
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12815
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13099
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12902
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752
reference_id	1118752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/

reference_id

mbedtls-security-advisory-2025-10-invalid-padding-error

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-59438

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vp4q-81cq-33cw

url VCID-vs6q-c4ug-xfer

vulnerability_id VCID-vs6q-c4ug-xfer

summary An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28755

reference_id

reference_type

scores

value	0.00127
scoring_system	epss
scoring_elements	0.32036
published_at	2026-04-21T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32037
published_at	2026-04-07T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32088
published_at	2026-04-08T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32117
published_at	2026-04-09T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32121
published_at	2026-04-11T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32083
published_at	2026-04-12T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32052
published_at	2026-04-13T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32086
published_at	2026-04-16T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32064
published_at	2026-04-18T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32176
published_at	2026-04-02T12:55:00Z

value	0.00127
scoring_system	epss
scoring_elements	0.32214
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28755

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686
reference_id	1077686
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686

reference_url

https://github.com/hey3e

reference_id

hey3e

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://github.com/hey3e

reference_url

https://hey3e.github.io

reference_id

hey3e.github.io

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://hey3e.github.io

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

reference_id

v3.6.0

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.0-3%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-28755

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs6q-c4ug-xfer

url VCID-wsvw-6tmk-3kdj

vulnerability_id VCID-wsvw-6tmk-3kdj

summary mbedtls: Insecure handling of shared memory in PSA Crypto APIs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28960

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35561
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35665
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3569
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3557
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35616
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3564
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35649
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35605
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35582
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35621
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35611
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2272172
reference_id	2272172
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2272172

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

reference_id

5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/

reference_id

6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md

reference_id

mbedtls-security-advisory-2024-03.md

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/

reference_id

NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url	pkg:deb/debian/mbedtls@2.28.8-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.8-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-28960

risk_score 3.7

exploitability 0.5

weighted_severity 7.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsvw-6tmk-3kdj

url VCID-zpq1-dwvf-8ka2

vulnerability_id VCID-zpq1-dwvf-8ka2

summary Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52496

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09086
published_at	2026-04-02T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09059
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0917
published_at	2026-04-11T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09375
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.0936
published_at	2026-04-13T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09139
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11445
published_at	2026-04-21T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11293
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785
reference_id	1108785
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

reference_id

mbedtls-security-advisory-2025-06-1.md

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-08T14:07:04Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2025-52496

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpq1-dwvf-8ka2

Fixing_vulnerabilities

url VCID-1teg-yvuy-4kga

vulnerability_id VCID-1teg-yvuy-4kga

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-46392

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42094
published_at	2026-04-02T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42122
published_at	2026-04-09T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42059
published_at	2026-04-07T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.4211
published_at	2026-04-08T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42143
published_at	2026-04-11T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42106
published_at	2026-04-12T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42081
published_at	2026-04-13T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42133
published_at	2026-04-16T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43805
published_at	2026-04-21T12:55:00Z

value	0.00213
scoring_system	epss
scoring_elements	0.43872
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-46392

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

reference_id

4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

reference_id

6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

reference_id

v2.28.2

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

reference_id

v3.3.0

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.28.2-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.2-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2022-46392

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1teg-yvuy-4kga

url VCID-33uw-hd5z-g7dq

vulnerability_id VCID-33uw-hd5z-g7dq

summary An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45158

reference_id

reference_type

scores

value	0.00681
scoring_system	epss
scoring_elements	0.7163
published_at	2026-04-21T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71598
published_at	2026-04-13T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71609
published_at	2026-04-09T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71632
published_at	2026-04-11T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71616
published_at	2026-04-12T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71643
published_at	2026-04-16T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71647
published_at	2026-04-18T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71568
published_at	2026-04-02T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71585
published_at	2026-04-04T12:55:00Z

value	0.00681
scoring_system	epss
scoring_elements	0.71558
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45158

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

reference_id

mbedtls-security-advisory-2024-08-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/

reference_url

reference_id

releases

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

reference_url

reference_id

security-advisories

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-45158

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33uw-hd5z-g7dq

url VCID-44ju-rrx6-rkcy

vulnerability_id VCID-44ju-rrx6-rkcy

summary ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-9989

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.60751
published_at	2026-04-01T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60824
published_at	2026-04-02T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60852
published_at	2026-04-04T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60816
published_at	2026-04-07T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60865
published_at	2026-04-08T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60881
published_at	2026-04-09T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60903
published_at	2026-04-11T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60889
published_at	2026-04-12T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.6087
published_at	2026-04-13T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60912
published_at	2026-04-16T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60916
published_at	2026-04-18T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60901
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-9989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989

fixed_packages

url	pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.8.0-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-9989

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44ju-rrx6-rkcy

url VCID-4y36-8tq3-abg6

vulnerability_id VCID-4y36-8tq3-abg6

summary An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10932

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14553
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14483
published_at	2026-04-16T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14488
published_at	2026-04-18T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14646
published_at	2026-04-01T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14696
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.1477
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14576
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14665
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14725
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14685
published_at	2026-04-11T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14647
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14591
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10932

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932

reference_url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/

reference_url	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

reference_url	https://tls.mbed.org/tech-updates/security-advisories
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159
reference_id	963159
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159

reference_url	https://security.archlinux.org/ASA-202007-5
reference_id	ASA-202007-5
reference_type
scores
url	https://security.archlinux.org/ASA-202007-5

reference_url

https://security.archlinux.org/AVG-1141

reference_id

AVG-1141

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10932

reference_id

CVE-2020-10932

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10932

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-10932

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4y36-8tq3-abg6

url VCID-5e8e-tdjb-f7c4

vulnerability_id VCID-5e8e-tdjb-f7c4

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36425

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69161
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69177
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69198
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69179
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69229
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69248
published_at	2026-04-09T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.6927
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69256
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69227
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-16T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69274
published_at	2026-04-18T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69254
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36425

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-36425

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5e8e-tdjb-f7c4

url VCID-5x2e-paq2-nyf9

vulnerability_id VCID-5x2e-paq2-nyf9

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44732

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76051
published_at	2026-04-01T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76054
published_at	2026-04-02T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76087
published_at	2026-04-04T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76067
published_at	2026-04-07T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76101
published_at	2026-04-08T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76115
published_at	2026-04-09T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.7614
published_at	2026-04-21T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76116
published_at	2026-04-12T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76113
published_at	2026-04-13T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76154
published_at	2026-04-16T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76158
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44732

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631
reference_id	1002631
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

reference_url	https://usn.ubuntu.com/8123-1/
reference_id	USN-8123-1
reference_type
scores
url	https://usn.ubuntu.com/8123-1/

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.28.0-0.3?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.0-0.3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.0-0.3%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2021-44732

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5x2e-paq2-nyf9

url VCID-64rr-rrmq-nkh6

vulnerability_id VCID-64rr-rrmq-nkh6

summary In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-30166

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57385
published_at	2026-04-18T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57404
published_at	2026-04-11T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57384
published_at	2026-04-12T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57363
published_at	2026-04-21T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.5739
published_at	2026-04-16T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57336
published_at	2026-04-02T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57358
published_at	2026-04-04T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57335
published_at	2026-04-07T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57386
published_at	2026-04-08T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57389
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-30166

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:09:37Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

reference_id

v3.6.0

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:09:37Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-30166

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64rr-rrmq-nkh6

url VCID-71u1-k3yx-pfgx

vulnerability_id VCID-71u1-k3yx-pfgx

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36421

reference_id

reference_type

scores

value	0.00516
scoring_system	epss
scoring_elements	0.66574
published_at	2026-04-01T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66614
published_at	2026-04-02T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.6664
published_at	2026-04-04T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66611
published_at	2026-04-07T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66659
published_at	2026-04-08T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66673
published_at	2026-04-09T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66692
published_at	2026-04-11T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66679
published_at	2026-04-12T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66647
published_at	2026-04-13T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66682
published_at	2026-04-16T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66696
published_at	2026-04-18T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66681
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36421

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421

reference_url

https://github.com/ARMmbed/mbedtls/issues/3394

reference_id

3394

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/issues/3394

reference_url

https://bugs.gentoo.org/730752

reference_id

730752

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://bugs.gentoo.org/730752

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

reference_url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7

reference_id

v2.16.7

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7

reference_url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0

reference_id

v2.23.0

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/

url

https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-36421

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71u1-k3yx-pfgx

url VCID-84ba-26t7-eyf8

vulnerability_id VCID-84ba-26t7-eyf8

summary An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23744

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.15151
published_at	2026-04-21T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15093
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15101
published_at	2026-04-18T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15301
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15371
published_at	2026-04-04T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15174
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15263
published_at	2026-04-08T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15313
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15283
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15245
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15179
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23744

reference_url

https://github.com/Mbed-TLS/mbedtls/issues/8694

reference_id

8694

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T17:45:29Z/

url

https://github.com/Mbed-TLS/mbedtls/issues/8694

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-23744

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84ba-26t7-eyf8

url VCID-8vmc-tp28-wyae

vulnerability_id VCID-8vmc-tp28-wyae

summary In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-24119

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71535
published_at	2026-04-21T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71468
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71475
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71492
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71464
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71505
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71517
published_at	2026-04-09T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71539
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71524
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71506
published_at	2026-04-13T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71552
published_at	2026-04-16T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71557
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-24119

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119

reference_url	https://security.archlinux.org/ASA-202107-27
reference_id	ASA-202107-27
reference_type
scores
url	https://security.archlinux.org/ASA-202107-27

reference_url

https://security.archlinux.org/AVG-2153

reference_id

AVG-2153

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2153

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@2.16.11-0.1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.11-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.11-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2021-24119

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmc-tp28-wyae

url VCID-9236-axrw-8qc4

vulnerability_id VCID-9236-axrw-8qc4

summary Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10941

reference_id

reference_type

scores

value	0.00705
scoring_system	epss
scoring_elements	0.72136
published_at	2026-04-21T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7215
published_at	2026-04-18T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72057
published_at	2026-04-01T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72063
published_at	2026-04-02T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72084
published_at	2026-04-04T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.7206
published_at	2026-04-07T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72098
published_at	2026-04-08T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72109
published_at	2026-04-09T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72132
published_at	2026-04-11T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72117
published_at	2026-04-12T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72102
published_at	2026-04-13T12:55:00Z

value	0.00705
scoring_system	epss
scoring_elements	0.72142
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941

reference_url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::
reference_id	cpe:2.3:a:arm:mbed_crypto::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10941

reference_id

CVE-2020-10941

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10941

fixed_packages

url	pkg:deb/debian/mbedtls@2.16.5-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.5-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-10941

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9236-axrw-8qc4

url VCID-9615-yuce-qye3

vulnerability_id VCID-9615-yuce-qye3

summary Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-49195

reference_id

reference_type

scores

value	0.00996
scoring_system	epss
scoring_elements	0.76978
published_at	2026-04-21T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76967
published_at	2026-04-11T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76946
published_at	2026-04-12T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76942
published_at	2026-04-13T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76983
published_at	2026-04-16T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76985
published_at	2026-04-18T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76885
published_at	2026-04-02T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76915
published_at	2026-04-04T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76897
published_at	2026-04-07T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76929
published_at	2026-04-08T12:55:00Z

value	0.00996
scoring_system	epss
scoring_elements	0.76939
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-49195

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/

reference_id

mbedtls-security-advisory-2024-10-1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T17:16:25Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T17:16:25Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@3.6.2-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.2-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-49195

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9615-yuce-qye3

url VCID-987j-wtrr-7beu

vulnerability_id VCID-987j-wtrr-7beu

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36424

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32626
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32761
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32797
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32618
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32665
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32691
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32692
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32655
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32627
published_at	2026-04-13T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32642
published_at	2026-04-18T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32612
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-36424

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-987j-wtrr-7beu

url VCID-aw5s-tfkx-6ffv

vulnerability_id VCID-aw5s-tfkx-6ffv

summary Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19608

reference_id

reference_type

scores

value	0.0024
scoring_system	epss
scoring_elements	0.4701
published_at	2026-04-01T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47047
published_at	2026-04-02T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47066
published_at	2026-04-04T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47014
published_at	2026-04-07T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47069
published_at	2026-04-21T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47065
published_at	2026-04-09T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47088
published_at	2026-04-11T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47062
published_at	2026-04-12T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47126
published_at	2026-04-16T12:55:00Z

value	0.0024
scoring_system	epss
scoring_elements	0.47121
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796
reference_id	915796
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796

fixed_packages

url	pkg:deb/debian/mbedtls@2.14.1-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.14.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.14.1-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-19608

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aw5s-tfkx-6ffv

url VCID-cbdd-4dr5-53f6

vulnerability_id VCID-cbdd-4dr5-53f6

summary security update

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8036

reference_id

reference_type

scores

value	0.01445
scoring_system	epss
scoring_elements	0.80781
published_at	2026-04-21T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80685
published_at	2026-04-01T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80694
published_at	2026-04-02T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80715
published_at	2026-04-04T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80711
published_at	2026-04-07T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.8074
published_at	2026-04-08T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80748
published_at	2026-04-09T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80765
published_at	2026-04-11T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80749
published_at	2026-04-12T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80741
published_at	2026-04-13T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.80778
published_at	2026-04-16T12:55:00Z

value	0.01445
scoring_system	epss
scoring_elements	0.8078
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036

reference_url	https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
reference_id
reference_type
scores
url	https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf

reference_url	https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
reference_id
reference_type
scores
url	https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01

reference_url	http://www.debian.org/security/2016/dsa-3468
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3468

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl::::::::
reference_id	cpe:2.3:a:polarssl:polarssl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8036

reference_id

CVE-2015-8036

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8036

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2015-8036

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdd-4dr5-53f6

url VCID-ct4s-c1rd-suhj

vulnerability_id VCID-ct4s-c1rd-suhj

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45450

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.2175
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21914
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21967
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21733
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2181
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21866
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21877
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21837
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21779
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21781
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21787
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21752
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45450

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2021-45450

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct4s-c1rd-suhj

url VCID-d8d5-v1dc-kyfp

vulnerability_id VCID-d8d5-v1dc-kyfp

summary An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52353

reference_id

reference_type

scores

value	0.00052
scoring_system	epss
scoring_elements	0.16473
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.1636
published_at	2026-04-13T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16296
published_at	2026-04-16T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16316
published_at	2026-04-18T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16536
published_at	2026-04-04T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16332
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16418
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16477
published_at	2026-04-09T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16461
published_at	2026-04-11T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16421
published_at	2026-04-12T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.16809
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52353

reference_url

https://github.com/Mbed-TLS/mbedtls/issues/8654

reference_id

8654

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:18:23Z/

url

https://github.com/Mbed-TLS/mbedtls/issues/8654

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2023-52353

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8d5-v1dc-kyfp

url VCID-dhdp-17ae-t7gf

vulnerability_id VCID-dhdp-17ae-t7gf

summary ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-9988

reference_id

reference_type

scores

value	0.00652
scoring_system	epss
scoring_elements	0.70821
published_at	2026-04-01T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70836
published_at	2026-04-02T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70853
published_at	2026-04-04T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70828
published_at	2026-04-07T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70872
published_at	2026-04-08T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70887
published_at	2026-04-09T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.7091
published_at	2026-04-11T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70895
published_at	2026-04-12T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.7088
published_at	2026-04-13T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70926
published_at	2026-04-16T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70932
published_at	2026-04-18T12:55:00Z

value	0.00652
scoring_system	epss
scoring_elements	0.70912
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-9988

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988

fixed_packages

url	pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.8.0-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-9988

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhdp-17ae-t7gf

url VCID-dvwa-tj33-h3em

vulnerability_id VCID-dvwa-tj33-h3em

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45199

reference_id

reference_type

scores

value	0.09273
scoring_system	epss
scoring_elements	0.9275
published_at	2026-04-21T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.9271
published_at	2026-04-02T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92716
published_at	2026-04-04T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92714
published_at	2026-04-07T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92725
published_at	2026-04-08T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92729
published_at	2026-04-09T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92735
published_at	2026-04-11T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92734
published_at	2026-04-12T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92733
published_at	2026-04-13T12:55:00Z

value	0.09273
scoring_system	epss
scoring_elements	0.92745
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45199

reference_url	https://security.gentoo.org/glsa/202409-14
reference_id	GLSA-202409-14
reference_type
scores
url	https://security.gentoo.org/glsa/202409-14

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/

reference_id

mbedtls-security-advisory-2023-10-2

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T15:42:54Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2023-45199

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvwa-tj33-h3em

url VCID-ewrv-m6gm-y7hc

vulnerability_id VCID-ewrv-m6gm-y7hc

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-16150

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.22867
published_at	2026-04-01T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22994
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23012
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.2292
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23036
published_at	2026-04-02T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23081
published_at	2026-04-04T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.2287
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22942
published_at	2026-04-08T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23107
published_at	2026-04-18T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.2307
published_at	2026-04-21T12:55:00Z

value	0.00078
scoring_system	epss
scoring_elements	0.23115
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-16150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806
reference_id	972806
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806

reference_url	https://security.archlinux.org/ASA-202101-7
reference_id	ASA-202101-7
reference_type
scores
url	https://security.archlinux.org/ASA-202101-7

reference_url

https://security.archlinux.org/AVG-1386

reference_id

AVG-1386

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1386

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-16150
reference_id	CVE-2020-16150
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-16150

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-16150

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewrv-m6gm-y7hc

url VCID-feda-331t-ukg5

vulnerability_id VCID-feda-331t-ukg5

summary

Multiple vulnerabilities have been found in mbed TLS, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2784

reference_id

reference_type

scores

value	0.03121
scoring_system	epss
scoring_elements	0.86865
published_at	2026-04-21T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.8686
published_at	2026-04-16T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86864
published_at	2026-04-18T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86786
published_at	2026-04-01T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86797
published_at	2026-04-02T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86816
published_at	2026-04-04T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.8681
published_at	2026-04-07T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.8683
published_at	2026-04-08T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86838
published_at	2026-04-09T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86851
published_at	2026-04-11T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86848
published_at	2026-04-12T12:55:00Z

value	0.03121
scoring_system	epss
scoring_elements	0.86843
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2784

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2784

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01

reference_url	http://www.talosintelligence.com/reports/TALOS-2017-0274/
reference_id
reference_type
scores
url	http://www.talosintelligence.com/reports/TALOS-2017-0274/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857560
reference_id	857560
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857560

reference_url	https://security.archlinux.org/ASA-201703-16
reference_id	ASA-201703-16
reference_type
scores
url	https://security.archlinux.org/ASA-201703-16

reference_url

https://security.archlinux.org/AVG-198

reference_id

AVG-198

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-198

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*
reference_id	cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.4.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2784

reference_id

CVE-2017-2784

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2784

reference_url	https://security.gentoo.org/glsa/201706-18
reference_id	GLSA-201706-18
reference_type
scores
url	https://security.gentoo.org/glsa/201706-18

fixed_packages

url	pkg:deb/debian/mbedtls@2.4.2-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.4.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2017-2784

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feda-331t-ukg5

url VCID-g7w2-d16t-8bd9

vulnerability_id VCID-g7w2-d16t-8bd9

summary The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18222

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31845
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31858
published_at	2026-04-01T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31986
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32027
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31847
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31899
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31928
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31933
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31893
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.3186
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31871
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222

reference_url	https://security.archlinux.org/ASA-202003-7
reference_id	ASA-202003-7
reference_type
scores
url	https://security.archlinux.org/ASA-202003-7

reference_url

https://security.archlinux.org/AVG-1104

reference_id

AVG-1104

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1104

fixed_packages

url	pkg:deb/debian/mbedtls@2.16.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.16.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2019-18222

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7w2-d16t-8bd9

url VCID-gcjd-xt4f-x3bj

vulnerability_id VCID-gcjd-xt4f-x3bj

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0498

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43077
published_at	2026-04-01T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43135
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43163
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43101
published_at	2026-04-07T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43154
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43166
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43187
published_at	2026-04-11T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43155
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43139
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43199
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43189
published_at	2026-04-18T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43122
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821
reference_id	904821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821

reference_url	https://usn.ubuntu.com/4267-1/
reference_id	USN-4267-1
reference_type
scores
url	https://usn.ubuntu.com/4267-1/

fixed_packages

url	pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.12.0-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-0498

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcjd-xt4f-x3bj

url VCID-gzvn-8b6y-xqeb

vulnerability_id VCID-gzvn-8b6y-xqeb

summary

Multiple vulnerabilities have been found in mbed TLS, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5291

reference_id

reference_type

scores

value	0.02049
scoring_system	epss
scoring_elements	0.83892
published_at	2026-04-21T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83792
published_at	2026-04-01T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83806
published_at	2026-04-02T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.8382
published_at	2026-04-04T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83822
published_at	2026-04-07T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83846
published_at	2026-04-08T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83852
published_at	2026-04-09T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83869
published_at	2026-04-11T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83863
published_at	2026-04-12T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83858
published_at	2026-04-13T12:55:00Z

value	0.02049
scoring_system	epss
scoring_elements	0.83891
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036

reference_url	https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf
reference_id
reference_type
scores
url	https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf

reference_url	https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/
reference_id
reference_type
scores
url	https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/

reference_url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
reference_id
reference_type
scores
url	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01

reference_url	http://www.debian.org/security/2016/dsa-3468
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3468

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::
reference_id	cpe:2.3:a:arm:mbed_tls::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl::::::::
reference_id	cpe:2.3:a:polarssl:polarssl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5291

reference_id

CVE-2015-5291

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5291

reference_url	https://security.gentoo.org/glsa/201706-18
reference_id	GLSA-201706-18
reference_type
scores
url	https://security.gentoo.org/glsa/201706-18

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2015-5291

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzvn-8b6y-xqeb

url VCID-hxpy-59gj-dygh

vulnerability_id VCID-hxpy-59gj-dygh

summary An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28836

reference_id

reference_type

scores

value	0.00113
scoring_system	epss
scoring_elements	0.29721
published_at	2026-04-21T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29819
published_at	2026-04-12T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29768
published_at	2026-04-13T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29787
published_at	2026-04-16T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29767
published_at	2026-04-18T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29899
published_at	2026-04-02T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29947
published_at	2026-04-04T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29759
published_at	2026-04-07T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.2982
published_at	2026-04-08T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29856
published_at	2026-04-09T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29865
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28836

reference_url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_id

security-advisories

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/

url

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/

reference_url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

reference_id

v3.6.0

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/

url

https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-28836

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxpy-59gj-dygh

url VCID-jcnd-yb5z-p7d3

vulnerability_id VCID-jcnd-yb5z-p7d3

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36422

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.5662
published_at	2026-04-01T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56716
published_at	2026-04-02T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56737
published_at	2026-04-04T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56715
published_at	2026-04-07T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56766
published_at	2026-04-08T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56771
published_at	2026-04-09T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5678
published_at	2026-04-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56757
published_at	2026-04-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56736
published_at	2026-04-13T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56767
published_at	2026-04-16T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56764
published_at	2026-04-18T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.56738
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2020-36422

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnd-yb5z-p7d3

url VCID-k8w1-nrjy-wfbe

vulnerability_id VCID-k8w1-nrjy-wfbe

summary Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35409

reference_id

reference_type

scores

value	0.01661
scoring_system	epss
scoring_elements	0.82015
published_at	2026-04-02T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82037
published_at	2026-04-04T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82031
published_at	2026-04-07T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82058
published_at	2026-04-08T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82065
published_at	2026-04-09T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82085
published_at	2026-04-11T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82075
published_at	2026-04-12T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82067
published_at	2026-04-13T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82101
published_at	2026-04-18T12:55:00Z

value	0.01661
scoring_system	epss
scoring_elements	0.82103
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35409

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409

reference_url	https://security.gentoo.org/glsa/202301-08
reference_id	GLSA-202301-08
reference_type
scores
url	https://security.gentoo.org/glsa/202301-08

fixed_packages

url	pkg:deb/debian/mbedtls@2.28.1-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.28.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.1-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2022-35409

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8w1-nrjy-wfbe

url VCID-mxn3-8deq-t3a1

vulnerability_id VCID-mxn3-8deq-t3a1

summary An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45159

reference_id

reference_type

scores

value	0.00575
scoring_system	epss
scoring_elements	0.68786
published_at	2026-04-21T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68776
published_at	2026-04-09T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68799
published_at	2026-04-11T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68785
published_at	2026-04-12T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68756
published_at	2026-04-13T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68797
published_at	2026-04-16T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68808
published_at	2026-04-18T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68708
published_at	2026-04-02T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68727
published_at	2026-04-04T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68705
published_at	2026-04-07T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68757
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45159

reference_url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/

reference_id

mbedtls-security-advisory-2024-08-3

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/

reference_url

reference_id

releases

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

reference_url

reference_id

security-advisories

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/

url

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2024-45159

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn3-8deq-t3a1

url VCID-nbdz-1xnh-5kf7

vulnerability_id VCID-nbdz-1xnh-5kf7

summary In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45451

reference_id

reference_type

scores

value	0.00143
scoring_system	epss
scoring_elements	0.34486
published_at	2026-04-01T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34704
published_at	2026-04-02T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3473
published_at	2026-04-04T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34607
published_at	2026-04-07T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34651
published_at	2026-04-08T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34679
published_at	2026-04-09T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34684
published_at	2026-04-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34644
published_at	2026-04-12T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3462
published_at	2026-04-13T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34659
published_at	2026-04-16T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34646
published_at	2026-04-18T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34605
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45451

fixed_packages

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2021-45451

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbdz-1xnh-5kf7

url VCID-p4mh-ztr8-k7d6

vulnerability_id VCID-p4mh-ztr8-k7d6

summary

Multiple vulnerabilities have been found in mbed TLS, the worst of
    which could allow remote attackers to execute arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0488

reference_id

reference_type

scores

value	0.03563
scoring_system	epss
scoring_elements	0.87721
published_at	2026-04-21T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87656
published_at	2026-04-01T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87666
published_at	2026-04-02T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87679
published_at	2026-04-04T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.8768
published_at	2026-04-07T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87701
published_at	2026-04-08T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87707
published_at	2026-04-09T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87718
published_at	2026-04-11T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87712
published_at	2026-04-12T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.8771
published_at	2026-04-13T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87724
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0488

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287
reference_id	890287
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287

reference_url	https://security.archlinux.org/ASA-201802-15
reference_id	ASA-201802-15
reference_type
scores
url	https://security.archlinux.org/ASA-201802-15

reference_url

reference_id

AVG-617

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0497

reference_url	https://security.gentoo.org/glsa/201804-19
reference_id	GLSA-201804-19
reference_type
scores
url	https://security.gentoo.org/glsa/201804-19

reference_url	https://usn.ubuntu.com/4267-1/
reference_id	USN-4267-1
reference_type
scores
url	https://usn.ubuntu.com/4267-1/

fixed_packages

url	pkg:deb/debian/mbedtls@2.7.0-2?distro=trixie
purl	pkg:deb/debian/mbedtls@2.7.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.7.0-2%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-0488

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4mh-ztr8-k7d6

url VCID-pnsj-2xc8-efbr

vulnerability_id VCID-pnsj-2xc8-efbr

summary security update

references

reference_url

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.55824
published_at	2026-04-21T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55669
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5578
published_at	2026-04-02T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55803
published_at	2026-04-04T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55783
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55834
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55837
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55845
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55825
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55807
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55844
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55848
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821
reference_id	904821
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821

reference_url

https://security.archlinux.org/AVG-742

reference_id

AVG-742

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-742

reference_url	https://usn.ubuntu.com/4267-1/
reference_id	USN-4267-1
reference_type
scores
url	https://usn.ubuntu.com/4267-1/

fixed_packages

url	pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie
purl	pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.12.0-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-k8w1-nrjy-wfbe

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

vulnerability	VCID-5bxk-rknm-zfhc

vulnerability	VCID-7ppw-f9jy-k7ae

vulnerability	VCID-7v3a-5q44-cucz

vulnerability	VCID-98cg-wuhp-qudq

vulnerability	VCID-f1fz-b8b6-dfb8

vulnerability	VCID-gvkn-6e2m-dyez

vulnerability	VCID-kchn-2wez-bbb2

vulnerability	VCID-pj6w-rufw-nqgd

vulnerability	VCID-vp4q-81cq-33cw

vulnerability	VCID-vs6q-c4ug-xfer

vulnerability	VCID-wsvw-6tmk-3kdj

vulnerability	VCID-zpq1-dwvf-8ka2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4sbv-dqyv-6baw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie

aliases CVE-2018-0497

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnsj-2xc8-efbr

url VCID-rmzm-2q2n-zkdg

vulnerability_id VCID-rmzm-2q2n-zkdg

summary

Multiple vulnerabilities have been found in mbed TLS, the worst of
    which could allow remote attackers to execute arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0487

reference_id

reference_type

scores

value	0.05116
scoring_system	epss
scoring_elements	0.89855
published_at	2026-04-21T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89806
published_at	2026-04-01T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89809
published_at	2026-04-02T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89823
published_at	2026-04-04T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89827
published_at	2026-04-07T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89844
published_at	2026-04-08T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.8985
published_at	2026-04-09T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89856
published_at	2026-04-11T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89854
published_at	2026-04-12T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89847
published_at	2026-04-13T12:55:00Z

value	0.05116
scoring_system	epss
scoring_elements	0.89861
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288
reference_id	890288
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288

reference_url	https://security.archlinux.org/ASA-201802-15
reference_id	ASA-201802-15
reference_type
scores
url	https://security.archlinux.org/ASA-201802-15

reference_url

reference_id

AVG-617

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url