Skip to content

mbedTLS 2.26.X contains multiple vulnerabilities #56071

New issue
New issue
Closed
Bug
Closed
mbedTLS 2.26.X contains multiple vulnerabilities#56071
Bug
Assignees
ceolincfriedt
Labels
LTSLong term release branch relatedarea: SecuritySecuritybugThe issue is a bug, or the PR is fixing a bugpriority: highHigh impact/importance bug
Milestone
v2.7.5
@ceolin

Description

@ceolin
ceolin
opened on Mar 21, 2023

Describe the bug

mbedTLS 2.26 used on Zephyr LTS contains several vulnerabilities:

https://www.cvedetails.com/cve/CVE-2021-45450/
https://www.cvedetails.com/cve/CVE-2022-35409/
https://www.cvedetails.com/cve/CVE-2022-46392/
https://www.cvedetails.com/cve/CVE-2022-46393/

Expected behavior

Use an updated version that address known issues.

Impact

Products using this version may be exploited.

Additional context

https://www.cvedetails.com/vulnerability-list/vendor_id-15698/product_id-32568/ARM-Mbed-Tls.html

Metadata

Metadata

Assignees

Labels

LTSLong term release branch relatedarea: SecuritySecuritybugThe issue is a bug, or the PR is fixing a bugpriority: highHigh impact/importance bug

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions