CVE-2025-27810

MEDIUM

5.4

Beschreibung

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

CVE Details

CVSS v3.1 Bewertung5.4

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht3/25/2025

Zuletzt geandert10/30/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

arm:mbed_tls

Schwachen (CWE)

CWE-908

Referenzen

https://github.com/Mbed-TLS/mbedtls/releases(cve@mitre.org)

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.