Arm: >> Mbed Tls >> 2.26.0 Security Vulnerabilities
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-12-21
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-12-20
Page 3