{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98239?format=json","vulnerability_id":"VCID-q56y-6umw-h3et","summary":"In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.","aliases":[{"alias":"CVE-2025-49600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/144361?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144362?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144363?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144364?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144365?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144366?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144367?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144368?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/144369?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164115?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164117?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164118?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168993?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168995?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168996?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168997?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168998?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168999?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/169000?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/169001?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198162?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198163?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198164?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198165?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198166?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198167?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198168?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198169?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/198170?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232807?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232809?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232810?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232811?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232812?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245766?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245767?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245768?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245769?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245770?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=riscv64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=riscv64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245771?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245772?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/245773?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164110?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164111?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164112?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164113?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=loongarch64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=loongarch64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164114?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/164116?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=s390x&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=s390x&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/168994?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232804?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=aarch64&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232805?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armhf&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232806?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=armv7&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/232808?format=json","purl":"pkg:apk/alpine/mbedtls@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@3.6.4-r0%3Farch=ppc64le&distroversion=v3.24&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/213623?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=aarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213624?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armhf&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213625?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armv7&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213626?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=loongarch64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213627?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=ppc64le&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213628?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=riscv64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213629?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=s390x&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213630?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/213631?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=v3.24&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86_64&distroversion=v3.24&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286975?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286976?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286977?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286978?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286979?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286980?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286981?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286982?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/286983?format=json","purl":"pkg:apk/alpine/mbedtls3@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls3@3.6.4-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/94600?format=json","purl":"pkg:deb/debian/mbedtls@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94601?format=json","purl":"pkg:deb/debian/mbedtls@2.16.9-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-45f9-4rpq-1yfj"},{"vulnerability":"VCID-78yd-h2fz-mkb2"},{"vulnerability":"VCID-8c82-yvk4-c7eq"},{"vulnerability":"VCID-9t8r-dmjv-7ubr"},{"vulnerability":"VCID-c5ta-sayw-23bt"},{"vulnerability":"VCID-gqaz-x3ta-cycm"},{"vulnerability":"VCID-jtjx-an1m-tbfr"},{"vulnerability":"VCID-k67t-rqgh-mqd9"},{"vulnerability":"VCID-mb55-kggd-pycw"},{"vulnerability":"VCID-met6-n3g2-7ffw"},{"vulnerability":"VCID-pv7u-gk42-e7h9"},{"vulnerability":"VCID-t6wm-8gyz-yuhj"},{"vulnerability":"VCID-tumu-jfkr-v3d2"},{"vulnerability":"VCID-tzuu-ccjr-8ue3"},{"vulnerability":"VCID-yyhp-6qj6-vbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94599?format=json","purl":"pkg:deb/debian/mbedtls@2.28.3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-45f9-4rpq-1yfj"},{"vulnerability":"VCID-74rw-a8vr-3fec"},{"vulnerability":"VCID-78yd-h2fz-mkb2"},{"vulnerability":"VCID-8c82-yvk4-c7eq"},{"vulnerability":"VCID-8zk5-2j61-vfhk"},{"vulnerability":"VCID-9t8r-dmjv-7ubr"},{"vulnerability":"VCID-ca3a-4mx4-p3ar"},{"vulnerability":"VCID-gqaz-x3ta-cycm"},{"vulnerability":"VCID-j2m5-x4aa-tqcv"},{"vulnerability":"VCID-jh8m-huq1-f7gw"},{"vulnerability":"VCID-jtjx-an1m-tbfr"},{"vulnerability":"VCID-k67t-rqgh-mqd9"},{"vulnerability":"VCID-mb55-kggd-pycw"},{"vulnerability":"VCID-met6-n3g2-7ffw"},{"vulnerability":"VCID-pv7u-gk42-e7h9"},{"vulnerability":"VCID-q8z7-t6t1-aqef"},{"vulnerability":"VCID-rrnf-p8e2-fyg6"},{"vulnerability":"VCID-t6wm-8gyz-yuhj"},{"vulnerability":"VCID-ts8g-xyud-h3f4"},{"vulnerability":"VCID-tumu-jfkr-v3d2"},{"vulnerability":"VCID-tzuu-ccjr-8ue3"},{"vulnerability":"VCID-ukcp-tv8q-5udx"},{"vulnerability":"VCID-yyhp-6qj6-vbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94626?format=json","purl":"pkg:deb/debian/mbedtls@3.6.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94603?format=json","purl":"pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ca3a-4mx4-p3ar"},{"vulnerability":"VCID-hbsr-f774-yufv"},{"vulnerability":"VCID-jtjx-an1m-tbfr"},{"vulnerability":"VCID-k67t-rqgh-mqd9"},{"vulnerability":"VCID-met6-n3g2-7ffw"},{"vulnerability":"VCID-t6wm-8gyz-yuhj"},{"vulnerability":"VCID-ts8g-xyud-h3f4"},{"vulnerability":"VCID-tumu-jfkr-v3d2"},{"vulnerability":"VCID-ukcp-tv8q-5udx"},{"vulnerability":"VCID-yyhp-6qj6-vbfw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.5-0.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94602?format=json","purl":"pkg:deb/debian/mbedtls@3.6.6-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@3.6.6-0.1%3Fdistro=trixie"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49600","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14714","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14836","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14834","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14805","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49600"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787","reference_id":"1108787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108787"},{"reference_url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md","reference_id":"mbedtls-security-advisory-2025-06-3.md","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:18:22Z/"}],"url":"https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md"}],"weaknesses":[{"cwe_id":325,"name":"Missing Cryptographic Step","description":"The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm."}],"exploits":[],"severity_range_score":"4.9 - 4.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q56y-6umw-h3et"}