Search for packages
Package details: pkg:alpm/archlinux/mbedtls@2.7.0-1
purl pkg:alpm/archlinux/mbedtls@2.7.0-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-kk1q-u5b2-aaae ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. CVE-2018-0488
VCID-krrf-1uy1-aaam ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. CVE-2018-0487

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:04.512020+00:00 Arch Linux Importer Fixing VCID-krrf-1uy1-aaam https://security.archlinux.org/AVG-617 36.0.0
2025-03-28T07:46:04.491317+00:00 Arch Linux Importer Fixing VCID-kk1q-u5b2-aaae https://security.archlinux.org/AVG-617 36.0.0
2024-09-18T02:01:08.902321+00:00 Arch Linux Importer Fixing VCID-krrf-1uy1-aaam https://security.archlinux.org/AVG-617 34.0.1
2024-09-18T02:01:08.876408+00:00 Arch Linux Importer Fixing VCID-kk1q-u5b2-aaae https://security.archlinux.org/AVG-617 34.0.1
2024-01-24T11:41:55.530841+00:00 Arch Linux Importer Fixing VCID-krrf-1uy1-aaam https://security.archlinux.org/AVG-617 34.0.0rc2
2024-01-24T11:41:55.508984+00:00 Arch Linux Importer Fixing VCID-kk1q-u5b2-aaae https://security.archlinux.org/AVG-617 34.0.0rc2
2024-01-03T22:27:24.557386+00:00 Arch Linux Importer Fixing VCID-krrf-1uy1-aaam https://security.archlinux.org/AVG-617 34.0.0rc1
2024-01-03T22:27:24.530404+00:00 Arch Linux Importer Fixing VCID-kk1q-u5b2-aaae https://security.archlinux.org/AVG-617 34.0.0rc1