{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","type":"deb","namespace":"debian","name":"mbedtls","version":"2.16.9-0.1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.16.9-0.1+deb11u1","latest_non_vulnerable_version":"3.6.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56861?format=json","vulnerability_id":"VCID-5bxk-rknm-zfhc","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23775","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60271","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60344","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.6034","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60312","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60327","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60315","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60256","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60252","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60302","published_at":"20
26-04-08T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60316","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60304","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/","reference_id":"GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/","reference_id":"IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/"}],"url":"https://lists.fedorapr
oject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/","reference_id":"mbedtls-security-advisory-2024-01-2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:39Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930560?format=json","purl":"pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbed
tls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-23775"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bxk-rknm-zfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56860?format=json","vulnerability_id":"VCID-f1fz-b8b6-dfb8","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23170","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42893","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43188","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43173","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43107","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43109","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43027","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43213","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4315","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43202","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scori
ng_elements":"0.43237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43203","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/","reference_id":"GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/","reference_id":"IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/","reference_id":"mbedtls-security-advisory-2024-01-1","reference
_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-31T15:14:22Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930560?format=json","purl":"pkg:deb/debian/mbedtls@2.28.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-23170"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1fz-b8b6-dfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96595?format=json","vulnerability_id":"VCID-gvkn-6e2m-dyez","summary":"Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have 
trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27809","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23729","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23706","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23595","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2355","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23771","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23818","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23832","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23741","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33609","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27809"},{"reference_url":"https://
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499","reference_id":"1101499","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/","reference_id":"mbedtls-security-advisory-2025-03-1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:41:49Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930564?format=json","purl":"pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"ht
tp://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-27809"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvkn-6e2m-dyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32154?format=json","vulnerability_id":"VCID-k8w1-nrjy-wfbe","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35409","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82031","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82065","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82085","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82075","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82067","published_at":"2026-04-13T12
:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82126","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82141","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82158","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35409"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930558?format=json","purl":"pkg:deb/debian/mbedtls@2.28.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-
4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2022-35409"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8w1-nrjy-wfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96596?format=json","vulnerability_id":"VCID-kchn-2wez-bbb2","summary":"Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as 
replays.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27810","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27203","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.26997","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.26951","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.26944","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.26879","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27239","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27032","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27153","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2706","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36207","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810","reference_id":"","reference_type":"","scores"
:[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27810"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499","reference_id":"1101499","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101499"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/","reference_id":"mbedtls-security-advisory-2025-03-2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases","reference_id":"releases","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930564?format=json","purl":"pkg:deb/debian/mbedtls@3.6.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerab
ility":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-27810"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kchn-2wez-bbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96797?format=json","vulnerability_id":"VCID-pj6w-rufw-nqgd","summary":"Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or 
mbedtls_mpi_gcd.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54764","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03287","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05549","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05464","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05503","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05544","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05303","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05381","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05307","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05308","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54764"},{"reference_url":"https://bugs.debian.or
g/cgi-bin/bugreport.cgi?bug=1118750","reference_id":"1118750","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118750"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/","reference_id":"mbedtls-security-advisory-2025-10-ssbleed-mstep","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T13:52:18Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkc
k"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-54764"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj6w-rufw-nqgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96822?format=json","vulnerability_id":"VCID-vp4q-81cq-33cw","summary":"Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09457","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12913","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12938","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13099","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12902","published_at":"2026-04-07T12:55:00Z"},{"v
alue":"0.00042","scoring_system":"epss","scoring_elements":"0.12981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752","reference_id":"1118752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/","reference_id":"mbedtls-security-advisory-2025-10-invalid-padding-error","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"va
lue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081538?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-59438"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp4q-81cq-33cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96048?format=json","vulnerability_id":"VCID-vs6q-c4ug-xfer","summary":"An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. 
An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28755","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31511","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32086","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32064","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32036","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31871","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31661","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32176","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32214","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32037","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32088","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32117","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.32121","published_at":"2026-04-11T12:55:00Z"}],"url":"
https://api.first.org/data/v1/epss?cve=CVE-2024-28755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28755"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686","reference_id":"1077686","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077686"},{"reference_url":"https://github.com/hey3e","reference_id":"hey3e","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/"}],"url":"https://github.com/hey3e"},{"reference_url":"https://hey3e.github.io","reference_id":"hey3e.github.io","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/"}],"url":"https://hey3e.github.io"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-29T15:04:39Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0","reference_id":"v3.6.0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/
D:T/2024-08-29T15:04:39Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930561?format=json","purl":"pkg:deb/debian/mbedtls@3.6.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-28755"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs6q-c4ug-xfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77128?format=json","vulnerability_id":"VCID-wsvw-6tmk-3kdj","summary":"mbedtls: Insecure handling of shared memory in PSA Crypto 
APIs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28960","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35104","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3564","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35649","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35621","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35611","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35561","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35322","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35301","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35222","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3557","published_at":"2026-04-07T1
2:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35616","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272172","reference_id":"2272172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272172"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/","reference_id":"5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YE3QRREGJC6K34JD4LZ5P3IALNX4QYY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/","reference_id":"6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UZNBMKYEV2J5DI7R4BQGL472V7X3WJY/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md","reference_id":"mbedtls-security-advisory-2024-03.md","reference_type":"","scores":[{"value":"8
.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/","reference_id":"NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NCDU52ZDA7TX3HC5JCU6ZZIJQOPTNBK6/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T17:49:02Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930562?format=json","purl":"pkg:deb/debian/mbedtls@2.28.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"v
ulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-28960"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsvw-6tmk-3kdj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56856?format=json","vulnerability_id":"VCID-1teg-yvuy-4kga","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of 
service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46392","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.41797","published_at":"2026-05-05T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4211","published_at":"2026-04-08T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42143","published_at":"2026-04-11T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42081","published_at":"2026-04-13T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42133","published_at":"2026-04-16T12:55:00Z"},{"value":"0.002","scoring_system":"epss","scoring_elements":"0.42094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43679","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43872","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43805","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43757","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46392"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46392"},{"reference_url":"https://lists.fedoraproject.org/arch
ives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/","reference_id":"4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/","reference_id":"6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2","reference_id":"v2.28.2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0","reference_id":"v3.3.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value
":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:33:01Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930556?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930559?format=json","purl":"pkg:deb/debian/mbedtls@2.28.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2
"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2022-46392"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1teg-yvuy-4kga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203718?format=json","vulnerability_id":"VCID-33uw-hd5z-g7dq","summary":"An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. 
(This never happens in internal library calls, but can affect applications that call these functions directly.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45158","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71675","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71643","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71647","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.7163","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.7168","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71685","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71585","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71598","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71632","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71616","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45158"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/","reference_id":"mb
edtls-security-advisory-2024-08-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-06T18:15:25Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":
"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-45158"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33uw-hd5z-g7dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93828?format=json","vulnerability_id":"VCID-44ju-rrx6-rkcy","summary":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9989","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60751","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60824","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60865","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60881","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60903","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60889","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.6087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60912","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60901","published_at":"2026-04-21T12:55:00Z"},
{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60891","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60904","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60846","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930550?format=json","purl":"pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5
q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-9989"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44ju-rrx6-rkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203618?format=json","vulnerability_id":"VCID-4sbv-dqyv-6baw","summary":"An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. 
Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45157","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36752","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37284","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37267","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37213","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36989","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36957","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3687","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3737","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37396","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37275","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37299","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37238","published_at":"2026-04
-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45157"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/","reference_id":"mbedtls-security-advisory-2024-08-1","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T20:29:47Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{
"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930563?format=json","purl":"pkg:deb/debian/mbedtls@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-45157"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sbv-dqyv-6baw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94327?format=json","vulnerability_id":"VCID-4y36-8tq3-abg6","summary":"An issue was discovered in Arm Mbed TLS 
before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10932","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14402","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14582","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14525","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14646","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14725","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_
elements":"0.14647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14591","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14584","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L/"},{"reference_url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-relea
sed"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159","reference_id":"963159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963159"},{"reference_url":"https://security.archlinux.org/ASA-202007-5","reference_id":"ASA-202007-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202007-5"},{"reference_url":"https://security.archlinux.org/AVG-1141","reference_id":"AVG-1141","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1141"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraprojec
t:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10932","reference_id":"CVE-2020-10932","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerab
ility":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-10932"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y36-8tq3-abg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32145?format=json","vulnerability_id":"VCID-5e8e-tdjb-f7c4","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36425","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69179","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69256","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69227","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69274","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69305","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.6932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69298","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36425"},{"reference_url
":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36425"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerabl
ecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36425"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5e8e-tdjb-f7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32152?format=json","vulnerability_id":"VCID-5x2e-paq2-nyf9","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44732","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76087","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76101","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76116","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76113","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76158","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7618","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76202","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76212","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732","reference_id":"","reference_type":"","scores"
:[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631","reference_id":"1002631","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002631"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930556?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930554?format=json","purl":"pkg:deb/debian/mbedtls@2.28.0-0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.0-0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28
.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-44732"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5x2e-paq2-nyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185952?format=
json","vulnerability_id":"VCID-64rr-rrmq-nkh6","summary":"In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30166","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57272","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57385","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57319","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57342","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57335","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57389","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57404","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57363","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.5739","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.firs
t.org/data/v1/epss?cve=CVE-2024-30166"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:09:37Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0","reference_id":"v3.6.0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:09:37Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2
.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-30166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64rr-rrmq-nkh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32141?format=
json","vulnerability_id":"VCID-71u1-k3yx-pfgx","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36421","reference_id":"","reference_type":"","scores":[{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66693","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66679","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66647","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66682","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66681","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66705","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66574","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.6664","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66659","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.fi
rst.org/data/v1/epss?cve=CVE-2020-36421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36421"},{"reference_url":"https://github.com/ARMmbed/mbedtls/issues/3394","reference_id":"3394","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://github.com/ARMmbed/mbedtls/issues/3394"},{"reference_url":"https://bugs.gentoo.org/730752","reference_id":"730752","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://bugs.gentoo.org/730752"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7","reference_id":"v2.16.7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0","reference_id":"v2.23.0","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/"}],"url":"http
s://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-
6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36421"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71u1-k3yx-pfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96752?format=json","vulnerability_id":"VCID-7ppw-f9jy-k7ae","summary":"Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM 
input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52497","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26081","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25899","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25918","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25887","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25957","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26008","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26018","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.2759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27642","published_at":"2026-04-21T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497","reference_id":"","reference_type":"","scores":[],"url":
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786","reference_id":"1108786","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108786"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md","reference_id":"mbedtls-security-advisory-2025-06-2.md","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:40Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930567?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulne
rablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-52497"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ppw-f9jy-k7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96734?format=json","vulnerability_id":"VCID-7v3a-5q44-cucz","summary":"Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than 
zero.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48965","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09613","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13774","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13755","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13806","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13737","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18643","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18673","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18544","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18376","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965","reference_id":"","reference_type":"","scores":[],"url"
:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790","reference_id":"1108790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108790"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md","reference_id":"mbedtls-security-advisory-2025-06-6.md","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-23T14:32:31Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID
-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930567?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-48965"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7v3a-5q44-cucz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/187343?format=json","vulnerability_id":"VCID-84ba-26t7-eyf8","summary":"An issue was discovered in 
Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23744","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15008","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15194","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15137","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15371","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15263","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15093","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1519","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23744"},{"reference_url":"https
://github.com/Mbed-TLS/mbedtls/issues/8694","reference_id":"8694","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-26T17:45:29Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/issues/8694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vu
lnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-23744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84ba-26t7-eyf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94672?format=json","vulnerability_id":"VCID-8vmc-tp28-wyae","summary":"In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel 
SGX.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24119","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71468","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71535","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71594","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71492","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71517","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71524","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71506","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71552","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73934","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00789","scoring_system":"epss","scoring_elements":"0.73939","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-24119"},{"reference_url":"h
ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24119"},{"reference_url":"https://security.archlinux.org/ASA-202107-27","reference_id":"ASA-202107-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-27"},{"reference_url":"https://security.archlinux.org/AVG-2153","reference_id":"AVG-2153","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930556?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930555?format=json","purl":"pkg:deb/debian/mbedtls@2.16.11-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.11-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-
1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-24119"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmc-tp28-wyae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94328?format=json"
,"vulnerability_id":"VCID-9236-axrw-8qc4","summary":"Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10941","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72175","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72184","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72057","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72084","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72132","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72102","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72142","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7215","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.7218","published_at":"2026-04-24T12:55:00Z"},{"value":
"0.00705","scoring_system":"epss","scoring_elements":"0.72189","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10941"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5JPE2HFBDJF3UBT6Q4VWLKNKCVCMX25J/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WD6OSOLLAR2AVPJAMGUKWRXN6477IHHV/"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm
:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10941","reference_id":"CVE-2020-10941","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10941"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930553?format=json","purl":"pkg:deb/debian/mbedtls@2.16.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabiliti
es":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hu
d-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-10941"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9236-axrw-8qc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197712?format=json","vulnerability_id":"VCID-9615-yuce-qye3","summary":"Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key 
pair","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49195","reference_id":"","reference_type":"","scores":[{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.77023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76985","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76978","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.77012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.77019","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.77032","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76885","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76929","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76939","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76946","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76942","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00996","scoring_system":"epss","scoring_elements":"0.76983","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49195"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","sc
ores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/","reference_id":"mbedtls-security-advisory-2024-10-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T17:16:25Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-10-1/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-17T17:16:25Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs
6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930563?format=json","purl":"pkg:deb/debian/mbedtls@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":
true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-49195"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9615-yuce-qye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32144?format=json","vulnerability_id":"VCID-987j-wtrr-7beu","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36424","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32626","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32618","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32655","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32642","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00
131","scoring_system":"epss","scoring_elements":"0.32612","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32457","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32342","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32258","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32117","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36424"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{
"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36424"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-987j-wtrr-7beu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96725?format=json","vulnerability_id":"VCID-98cg-wuhp-qudq","summary":"Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. 
The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47917","reference_id":"","reference_type":"","scores":[{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87753","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87739","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88987","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88961","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88959","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88972","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.8898","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.8892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88938","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88955","published_at":
"2026-04-21T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88949","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04351","scoring_system":"epss","scoring_elements":"0.88948","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47917"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791","reference_id":"1108791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108791"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c","reference_id":"CVE-2025-47917","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/52427.c"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md","reference_id":"mbedtls-security-advisory-2025-06-7.md","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-22T14:22:32Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/t
ech-updates/security-advisories/"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930565?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?forma
t=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-47917"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98cg-wuhp-qudq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93638?format=json","vulnerability_id":"VCID-aw5s-tfkx-6ffv","summary":"Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19608","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47066","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47014","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47088","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47126","published_at":"2
026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47121","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47015","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46931","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796","reference_id":"915796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915796"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930549?format=json","purl":"pkg:deb/debian/mbedtls@2.14.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.14.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28
.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-19608"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aw5s-tfkx-6ffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61258?format=j
son","vulnerability_id":"VCID-cbdd-4dr5-53f6","summary":"security update","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00009.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8036","reference_id":"","reference_type":"","scores":[{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80838","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80715","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80711","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.8074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.8078","published_at":"2026-04-18T12:55:00Z"},{"value":"
0.01445","scoring_system":"epss","scoring_elements":"0.80781","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80804","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80808","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01445","scoring_system":"epss","scoring_elements":"0.80822","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036"},{"reference_url":"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"},{"reference_url":"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/","reference_id":"","reference_type":"","scores":[],"url":"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"},{"reference_url":"http://www.debian.org/security/2016/dsa-3468","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3468"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search
/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensus
e:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8036","reference_id":"CVE-2015-8036","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8036"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerabi
lity":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2015-8036"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbdd-4dr5-53f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32153?format=json","vulnerability_id":"VCID-ct4s-c1rd-suhj","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45450","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19084","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18968","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21967","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2181","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21866","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21877","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21837","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2175","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21781","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21787","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21752","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21605","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21599","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21779","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21914","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45450"},{"reference_url
":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:de
b/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-45450"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct4s-c1rd-suhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/305965?format=json","vulnerability_id":"VCID-d8d5-v1dc-kyfp","summary":"An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. 
For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52353","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16071","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1636","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16296","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16316","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16473","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16332","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16418","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16477","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16421","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16809","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16715","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.167","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52353"},{"reference_url":"https://github.com/Mbed-TLS/mb
edtls/issues/8654","reference_id":"8654","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:18:23Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/issues/8654"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c
4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2023-52353"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8d5-v1dc-kyfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93827?format=json","vulnerability_id":"VCID-dhdp-17ae-t7gf","summary":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid 
input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9988","reference_id":"","reference_type":"","scores":[{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70932","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70967","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70976","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70974","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70957","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9988"},{"reference_url":"htt
ps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930550?format=json","purl":"pkg:deb/debian/mbedtls@2.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulne
rablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-9988"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhdp-17ae-t7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56859?format=json","vulnerability_id":"VCID-dvwa-tj33-h3em","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of 
service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45199","reference_id":"","reference_type":"","scores":[{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92762","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.9271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92716","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92714","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92725","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92729","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92735","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92734","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92733","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.9275","published_at":"2026-04-21T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92757","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09273","scoring_system":"epss","scoring_elements":"0.92753","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45199"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/","reference_id":"mbedtls-security-advisory-2023-10-2","
reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T15:42:54Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerab
ility":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2023-45199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvwa-tj33-h3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32140?format=json","vulnerability_id":"VCID-ewrv-m6gm-y7hc","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16150","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22867","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23081","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22895","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23107","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2307","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22898","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16150"},{"reference_url"
:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806","reference_id":"972806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972806"},{"reference_url":"https://security.archlinux.org/ASA-202101-7","reference_id":"ASA-202101-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-7"},{"reference_url":"https://security.archlinux.org/AVG-1386","reference_id":"AVG-1386","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1386"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16150","reference_id":"CVE-2020-16150","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-16150"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"ht
tp://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-16150"],"risk_score":4.0,"exploitabi
lity":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewrv-m6gm-y7hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39981?format=json","vulnerability_id":"VCID-feda-331t-ukg5","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2784","reference_id":"","reference_type":"","scores":[{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86911","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86786","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.8681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.8683","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.8686","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03121","scoring_system":
"epss","scoring_elements":"0.86864","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03121","scoring_system":"epss","scoring_elements":"0.86881","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2784"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01"},{"reference_url":"http://www.talosintelligence.com/reports/TALOS-2017-0274/","reference_id":"","reference_type":"","scores":[],"url":"http://www.talosintelligence.com/reports/TALOS-2017-0274/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857560","reference_id":"857560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857560"},{"reference_url":"https://security.archlinux.org/ASA-201703-16","reference_id":"ASA-201703-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-16"},{"reference_url":"https://security.archlinux.org/AVG-198","reference_id":"AVG-198","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-198"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*","
reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2784","reference_id":"CVE-2017-2784","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2784"},{"reference_url":"https://security.gentoo.org/glsa/201706-18","reference_id":"GLSA-201706-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930547?format=json
","purl":"pkg:deb/debian/mbedtls@2.4.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.4.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulner
ability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2017-2784"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-feda-331t-ukg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94084?format=json","vulnerability_id":"VCID-g7w2-d16t-8bd9","summary":"The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel 
attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18222","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31316","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31986","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.32027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31847","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31928","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31933","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31893","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.3186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31845","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31549","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31467","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222","reference_id":"","reference_type":"","scores"
:[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18222"},{"reference_url":"https://security.archlinux.org/ASA-202003-7","reference_id":"ASA-202003-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-7"},{"reference_url":"https://security.archlinux.org/AVG-1104","reference_id":"AVG-1104","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1104"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930552?format=json","purl":"pkg:deb/debian/mbedtls@2.16.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulner
ability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2019-18222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7w2-d16t-8bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73026?format=json","vulnerability_id":"VCID-gcjd-xt4f-x3bj","summary":"security 
update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0498","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43077","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43163","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43154","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43155","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43122","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4284","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0498"},{"reference_url":"ht
tps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821","reference_id":"904821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930548?format=json","purl":"pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.12.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vuln
erability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-0498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcjd-xt4f-x3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39979?format=json","vulnerability_id":"VCID-gzvn-8b6y-xqeb","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could lead to the remote execution of arbitrary 
code.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5291","reference_id":"","reference_type":"","scores":[{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.8382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83822","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02049","scor
ing_system":"epss","scoring_elements":"0.83852","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83863","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83858","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83891","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83892","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83918","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.83925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.8393","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8036"},{"reference_url":"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"},{"reference_url":"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/","reference_id":"","reference_type":"","scores":[],"url":"https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01","reference_id":"","reference_type":"","score
s":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"},{"reference_url":"http://www.debian.org/security/2016/dsa-3468","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3468"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*
:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5291","reference_id":"CVE-2015-5291","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5291"},{"reference
_url":"https://security.gentoo.org/glsa/201706-18","reference_id":"GLSA-201706-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pk
g:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2015-5291"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzvn-8b6y-xqeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201701?format=json","vulnerability_id":"VCID-hxpy-59gj-dygh","summary":"An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. 
If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28836","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29721","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29528","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29465","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29899","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29947","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2982","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29856","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29865","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29768","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29767","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28836"}
,{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0","reference_id":"v3.6.0","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T15:03:49Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":
true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-28836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxpy-59gj-dygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32142?format=json","vulnerability_id":"VCID-jcnd-yb5
z-p7d3","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36422","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5662","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56716","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56737","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56738","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56693","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56631","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36422"},{"reference_u
rl":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36422"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnera
blecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36422"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnd-yb5z-p7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267520?format=json","vulnerability_id":"VCID-jeen-6u3v-8qab","summary":"An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. 
There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34871","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01905","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02764","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02652","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02684","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02706","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02679","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02665","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04146","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04922","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?nam
e=CVE-2026-34871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34871"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577","reference_id":"1132577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/","reference_id":"mbedtls-security-advisory-2026-03-dev-random","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T20:04:03Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-01T20:04:03Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m
-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081538?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u4%3Fdistro=trixie"}],"aliases":["CVE-2026-34871"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jeen-6u3v-8qab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202995?format=json","vulnerability_id":"VCID-mxn3-8deq-t3a1","summary":"An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in its keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. 
Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45159","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68826","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68797","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68705","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68757","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68799","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68785","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68756","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss
?cve=CVE-2024-45159"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/","reference_id":"mbedtls-security-advisory-2024-08-3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-3/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:17:13Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"V
CID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulner
ability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-45159"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxn3-8deq-t3a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261976?format=json","vulnerability_id":"VCID-nbdz-1xnh-5kf7","summary":"In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45451","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34486","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34704","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34607","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34651","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34684","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34644","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00143","scoring_system"
:"epss","scoring_elements":"0.34646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34605","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.3435","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34266","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34133","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerabilit
y":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-45451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbdz-1xnh-5kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62055?format=json","vulnerability_id":"VCID-p4mh-ztr8-k7d6","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary 
code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0488","reference_id":"","reference_type":"","scores":[{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87758","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87656","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87666","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87679","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.8768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87718","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87712","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.8771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87724","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87721","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87739","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87745","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03563","scoring_system":"epss","scoring_elements":"0.87744","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"u
rl":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287","reference_id":"890287","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890287"},{"reference_url":"https://security.archlinux.org/ASA-201802-15","reference_id":"ASA-201802-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-15"},{"reference_url":"https://security.archlinux.org/AVG-617","reference_id":"AVG-617","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-617"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930546?format=json","purl":"pkg:deb/debian/mbedtls@2.7.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID
-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerabi
lity":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-0488"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4mh-ztr8-k7d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349238?format=json","vulnerability_id":"VCID-ph4w-4hud-mkck","summary":"An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. 
Exploitation requires application-level invocation of the multipart CCM API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34876","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0492","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0474","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04959","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04885","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04821","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04832","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04798","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04778","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04731","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06676","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07337","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577","re
ference_id":"1132577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ccm-finish-boundary-check/","reference_id":"mbedtls-security-advisory-2026-03-ccm-finish-boundary-check","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:53:54Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-ccm-finish-boundary-check/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:53:54Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c
4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"}],"aliases":["CVE-2026-34876"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4w-4hud-mkck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73025?format=json","vulnerability_id":"VCID-pnsj-2xc8-efbr","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0497","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5569","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55669","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55803","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55845","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55825","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55844","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55848","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss"
,"scoring_elements":"0.55824","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55744","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821","reference_id":"904821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821"},{"reference_url":"https://security.archlinux.org/AVG-742","reference_id":"AVG-742","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-742"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930548?format=json","purl":"pkg:deb/debian/mbedtls@2.12.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.12.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f
1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabili
ty":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-0497"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnsj-2xc8-efbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62054?format=json","vulnerability_id":"VCID-rmzm-2q2n-zkdg","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0487","reference_id":"","reference_type":"","scores":[{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89882","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89806","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89809","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.8985","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89847","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring
_elements":"0.89861","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89855","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.8987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05116","scoring_system":"epss","scoring_elements":"0.89869","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288","reference_id":"890288","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890288"},{"reference_url":"https://security.archlinux.org/ASA-201802-15","reference_id":"ASA-201802-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-15"},{"reference_url":"https://security.archlinux.org/AVG-617","reference_id":"AVG-617","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-617"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixe
d_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930546?format=json","purl":"pkg:deb/debian/mbedtls@2.7.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.
1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-0487"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmzm-2q2n-zkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32147?format=json","vulnerability_id":"VCID-rqxq-rqxu-4fes","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36475","reference_id":"","reference_type":"","scores":[{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.7669","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76694","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76705","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76737","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76756","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76789","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76794","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76816","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76824","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76836","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.76825","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475","reference_id":"","reference_type":"","score
s":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_
vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36475"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqxq-rqxu-4fes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56857?format=json","vulnerability_id":"VCID-rv8h-z3cy-yucb","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of 
service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46393","reference_id":"","reference_type":"","scores":[{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74329","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74251","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.743","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.7432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74299","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74284","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00818","scoring_system":"epss","scoring_elements":"0.74424","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75242","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75207","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75197","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75235","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75238","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46393"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H
/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/","reference_id":"4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:31:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/","reference_id":"6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:31:43Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/"},{"reference_url":"https://security.gentoo.org/glsa/202409-14","reference_id":"GLSA-202409-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-14"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:31:43Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/r
eleases/tag/v2.28.2","reference_id":"v2.28.2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:31:43Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0","reference_id":"v3.3.0","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-21T14:31:43Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930559?format=json","purl":"pkg:deb/debian/mbedtls@2.28.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/d
ebian/mbedtls@2.28.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2022-46393"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url"
:"http://public2.vulnerablecode.io/vulnerabilities/VCID-rv8h-z3cy-yucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32148?format=json","vulnerability_id":"VCID-s1qx-e7uw-c3eq","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36476","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71525","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71549","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71522","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71596","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.7158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71606","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71611","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71591","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71646","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71651","published_at":"2026-04-2
9T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71636","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36476"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":
"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36476"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1qx-e7uw-c3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32143?format=json","vulnerability_id":"VCID-svsq-har4-dyen","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36423","reference_id":"","reference_type":"","scores":[{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60722","published_at":"2026-04-08T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-04-09T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60761","published_at":"2026-04-11T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60748","published_at":"2026-04-12T12:55:00Z"},{"value":"0.004","scoring_system":"epss","scoring_elements":"0.60729","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71262","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71118","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71246","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71213","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.7122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71198","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71252","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00663","scoring_system":"epss","scoring_elements":"0.71259","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36423"},{"reference_url":"https://cv
e.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36423"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/
packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36423"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svsq-har4-dyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94829?format=json","vulnerability_id":"VCID-t2j5-4x1d-2kb1","summary":"Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in bignum.c in Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in 
RSA.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36647","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12294","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12093","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12184","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12038","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12178","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1234","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12139","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12238","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12202","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1209","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36647"},{"reference_url":"https://cve.mitre.o
rg/cgi-bin/cvename.cgi?name=CVE-2021-36647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36647"},{"reference_url":"https://kouzili.com/Load-Step.pdf","reference_id":"Load-Step.pdf","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://kouzili.com/Load-Step.pdf"},{"reference_url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1","reference_id":"mbedtls-security-advisory-2021-07-1","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1"},{"reference_url":"https://github.com/ARMmbed/mbedtls/releases/","reference_id":"releases","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/"}],"url":"https://github.com/ARMmbed/mbedtls/releases/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"
},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930556?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930555?format=json","purl":"pkg:deb/debian/mbedtls@2.16.11-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.11-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hu
d-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-36647"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2j5-4x1d-2kb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96822?format=json","vulnerability_id":"VCID-vp4q-81cq-33cw","summary":"Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09457","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13047","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12815","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12913","published_at":"2026-
04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12938","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13099","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12981","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13032","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752","reference_id":"1118752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118752"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/","reference_id":"mbedtls-security-advisory-2025-10-invalid-padding-error","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-21T16:06:28Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081538?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun
9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-59438"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp4q-81cq-33cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62053?format=json","vulnerability_id":"VCID-wc33-4jtc-7ueu","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could allow remote attackers to execute arbitrary 
code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18187","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68287","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68327","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68303","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68398","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68386","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68392","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68405","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68383","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6843","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18187"},{"reference_url":"h
ttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488"},{"reference_url":"https://security.gentoo.org/glsa/201804-19","reference_id":"GLSA-201804-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-19"},{"reference_url":"https://usn.ubuntu.com/4267-1/","reference_id":"USN-4267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930546?format=json","purl":"pkg:deb/debian/mbedtls@2.7.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.7.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixi
e","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2017-18187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc33-4jtc-7ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32149?format=json","vulnerabili
ty_id":"VCID-wpu6-c26t-4ufn","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36477","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32922","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32779","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32856","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32794","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32837","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32814","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32628","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.3243","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32295","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/ep
ss?cve=CVE-2020-36477"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930554?format=json","purl":"pkg:deb/debian/mbedtls@2.28.0-0.3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.0-0.3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerab
ility":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36477"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpu6-c26t-4ufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32151?format=json","vulnerability_id":"VCID-x5we-9dmz-p7bh","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43666","reference_id":"","reference_type":"","scores":[{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72382","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72394","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72257","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.7231","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72302","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72354","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00713","scoring_system":"epss","scoring_elements":"0.72342","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43666"},{"reference_url
":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43666"},{"reference_url":"https://github.com/ARMmbed/mbedtls/issues/5136","reference_id":"5136","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:50:55Z/"}],"url":"https://github.com/ARMmbed/mbedtls/issues/5136"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930556?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930557?format=json","purl":"pkg:deb/debian/mbedtls@2.28.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packag
es/pkg:deb/debian/mbedtls@2.28.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2021-43666"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","
resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5we-9dmz-p7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32150?format=json","vulnerability_id":"VCID-x682-agtt-myf1","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36478","reference_id":"","reference_type":"","scores":[{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66677","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.6678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66787","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66757","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66788","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66826","published_at"
:"2026-04-26T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66823","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.66795","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36478"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability
":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36478"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x682-agtt-myf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349242?format=json","vulnerability_id":"VCID-x8et-cun9-6kgz","summary":"An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. 
This is caused by Incorrect Use of Privileged APIs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34877","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29953","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35266","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35244","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35584","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35594","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35549","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35565","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42212","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44468","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34877"},{"
reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577","reference_id":"1132577","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132577"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-serialized-data/","reference_id":"mbedtls-security-advisory-2026-03-serialized-data","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:51:48Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-serialized-data/"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T17:51:48Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulne
rability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"}],"aliases":["CVE-2026-34877"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8et-cun9-6kgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266553?format=json","vulnerability_id":"VCID-xa5h-khas-8ybs","summary":"In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. 
However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49600","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02348","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02414","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02359","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0236","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02358","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02345","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02329","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02335","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02439","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13966","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49600"},{"refe
rence_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787","reference_id":"1108787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md","reference_id":"mbedtls-security-advisory-2025-06-3.md","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:22Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-
f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-49600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulne
rabilities/VCID-xa5h-khas-8ybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68785?format=json","vulnerability_id":"VCID-xhbs-y3dr-1kc8","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14032","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22661","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22706","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22576","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22605","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22564","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22558","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22508","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22343","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22341","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00075",
"scoring_system":"epss","scoring_elements":"0.22242","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873557","reference_id":"873557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873557"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930545?format=json","purl":"pkg:deb/debian/mbedtls@2.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VC
ID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2017-14032"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhbs-y3dr-1kc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94070?format=json","vulnerability_id":"VCID-ydp2-phc9-m7b1","summary":"Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. 
(For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16910","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75994","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75974","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76046","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76023","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76058","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76061","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76084","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76094","published_at":"2026-04-26T12:55:00Z"}],"url":"https:/
/api.first.org/data/v1/epss?cve=CVE-2019-16910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910"},{"reference_url":"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd"},{"reference_url":"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/"},{"reference_url":"https://tls
.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10","reference_id":"","reference_type":"","scores":[],"url":"https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265","reference_id":"941265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_
search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16910","reference_id":"CVE-2019-16910","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930551?format=json","purl":"pkg:deb/debian/mbedtls@2.16.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerableco
de.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2019-16910"],"risk_score":2.4,"exploitability":"0.5","weighted_sev
erity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydp2-phc9-m7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266523?format=json","vulnerability_id":"VCID-yjdu-ervm-3bcn","summary":"In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49087","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19178","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19126","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28074","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28456","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28505","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.32919","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33037","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33319","published_at":"2026-04-18T12:55:00Z"},{"value":"0.
00136","scoring_system":"epss","scoring_elements":"0.33283","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33131","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49087"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108789","reference_id":"1108789","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108789"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md","reference_id":"mbedtls-security-advisory-2025-06-5.md","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-21T18:13:55Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md"},{"reference_url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/","reference_id":"security-advisories","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-21T18:13:55Z/"}],"url":"https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vuln
erability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vul
nerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-49087"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjdu-ervm-3bcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266531?format=json","vulnerability_id":"VCID-ysr1-padp-a3ff","summary":"In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. 
The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49601","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20137","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20118","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20042","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20046","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20275","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.19999","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21272","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21273","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.2125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48692","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49601"},{"reference_url":"https://bugs.d
ebian.org/cgi-bin/bugreport.cgi?bug=1108788","reference_id":"1108788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108788"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md","reference_id":"mbedtls-security-advisory-2025-06-4.md","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:17:24Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930541?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerabilit
y":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-49601"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysr1-padp-
a3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96751?format=json","vulnerability_id":"VCID-zpq1-dwvf-8ka2","summary":"Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52496","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09375","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11278","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11293","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27578","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-52496"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496","reference_id":"","reference_type":"","scores"
:[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785","reference_id":"1108785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108785"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md","reference_id":"mbedtls-security-advisory-2025-06-1.md","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-08T14:07:04Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md"},{"reference_url":"https://usn.ubuntu.com/8123-1/","reference_id":"USN-8123-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8123-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930567?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://pu
blic2.vulnerablecode.io/api/packages/930566?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-52496"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpq1-dwvf-8ka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32146?format=json","vulnerability_id":"VCID-zyge-82z3-33eq","summary":"Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36426","reference_id":"","reference_type":"","scores":[{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77475","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77401","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77427","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77407","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77443","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77434","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01037","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77417","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7741","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36426"},{"reference_ur
l":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36426"},{"reference_url":"https://security.gentoo.org/glsa/202301-08","reference_id":"GLSA-202301-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202301-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/930542?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-k8w1-nrjy-wfbe"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930540?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-5bxk-rknm-zfhc"},{"vulnerability":"VCID-7ppw-f9jy-k7ae"},{"vulnerability":"VCID-7v3a-5q44-cucz"},{"vulnerability":"VCID-98cg-wuhp-qudq"},{"vulnerability":"VCID-f1fz-b8b6-dfb8"},{"vulnerability":"VCID-gvkn-6e2m-dyez"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-kchn-2wez-bbb2"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-pj6w-rufw-nqgd"},{"vulnerability":"VCID-vp4q-81cq-33cw"},{"vulnerability":"VCID-vs6q-c4ug-xfer"},{"vulnerability":"VCID-wsvw-6tmk-3kdj"},{"vulnerability":"VCID-x8et-cun9-6kgz"},{"vulnerability":"VCID-zpq1-dwvf-8ka2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerab
lecode.io/api/packages/930544?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/930543?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbv-dqyv-6baw"},{"vulnerability":"VCID-jeen-6u3v-8qab"},{"vulnerability":"VCID-ph4w-4hud-mkck"},{"vulnerability":"VCID-x8et-cun9-6kgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1%3Fdistro=trixie"}],"aliases":["CVE-2020-36426"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyge-82z3-33eq"}],"risk_score":"3.7","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"}