Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-q56y-6umw-h3et

Summary In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.

Aliases

alias	CVE-2025-49600

Fixed_packages

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.22&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.23&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.23&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=main
purl	pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.24&reponame=main

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=aarch64&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armhf&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armv7&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=riscv64&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=s390x&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86_64&distroversion=v3.24&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:deb/debian/mbedtls@0?distro=trixie
purl	pkg:deb/debian/mbedtls@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

purl pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45f9-4rpq-1yfj

vulnerability	VCID-78yd-h2fz-mkb2

vulnerability	VCID-8c82-yvk4-c7eq

vulnerability	VCID-9t8r-dmjv-7ubr

vulnerability	VCID-c5ta-sayw-23bt

vulnerability	VCID-gqaz-x3ta-cycm

vulnerability	VCID-jtjx-an1m-tbfr

vulnerability	VCID-k67t-rqgh-mqd9

vulnerability	VCID-mb55-kggd-pycw

vulnerability	VCID-met6-n3g2-7ffw

vulnerability	VCID-pv7u-gk42-e7h9

vulnerability	VCID-t6wm-8gyz-yuhj

vulnerability	VCID-tumu-jfkr-v3d2

vulnerability	VCID-tzuu-ccjr-8ue3

vulnerability	VCID-yyhp-6qj6-vbfw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

purl pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45f9-4rpq-1yfj

vulnerability	VCID-74rw-a8vr-3fec

vulnerability	VCID-78yd-h2fz-mkb2

vulnerability	VCID-8c82-yvk4-c7eq

vulnerability	VCID-8zk5-2j61-vfhk

vulnerability	VCID-9t8r-dmjv-7ubr

vulnerability	VCID-ca3a-4mx4-p3ar

vulnerability	VCID-gqaz-x3ta-cycm

vulnerability	VCID-j2m5-x4aa-tqcv

vulnerability	VCID-jh8m-huq1-f7gw

vulnerability	VCID-jtjx-an1m-tbfr

vulnerability	VCID-k67t-rqgh-mqd9

vulnerability	VCID-mb55-kggd-pycw

vulnerability	VCID-met6-n3g2-7ffw

vulnerability	VCID-pv7u-gk42-e7h9

vulnerability	VCID-q8z7-t6t1-aqef

vulnerability	VCID-rrnf-p8e2-fyg6

vulnerability	VCID-t6wm-8gyz-yuhj

vulnerability	VCID-ts8g-xyud-h3f4

vulnerability	VCID-tumu-jfkr-v3d2

vulnerability	VCID-tzuu-ccjr-8ue3

vulnerability	VCID-ukcp-tv8q-5udx

vulnerability	VCID-yyhp-6qj6-vbfw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie

url pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

purl pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ca3a-4mx4-p3ar

vulnerability	VCID-hbsr-f774-yufv

vulnerability	VCID-jtjx-an1m-tbfr

vulnerability	VCID-k67t-rqgh-mqd9

vulnerability	VCID-met6-n3g2-7ffw

vulnerability	VCID-t6wm-8gyz-yuhj

vulnerability	VCID-ts8g-xyud-h3f4

vulnerability	VCID-tumu-jfkr-v3d2

vulnerability	VCID-ukcp-tv8q-5udx

vulnerability	VCID-yyhp-6qj6-vbfw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/mbedtls@3.6.6-0.1?distro=trixie
purl	pkg:deb/debian/mbedtls@3.6.6-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.6-0.1%3Fdistro=trixie

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49600

reference_id

reference_type

scores

value	0.00046
scoring_system	epss
scoring_elements	0.14714
published_at	2026-06-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14836
published_at	2026-06-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14834
published_at	2026-06-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14805
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49600

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787
reference_id	1108787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787

reference_url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md

reference_id

mbedtls-security-advisory-2025-06-3.md

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:22Z/

url

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md

Weaknesses

cwe_id	325
name	Missing Cryptographic Step
description	The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Exploits

Severity_range_score 4.9 - 4.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q56y-6umw-h3et

Vulnerability Instance