Mbed Tls
The latest Mbed Tls coverage — news, analysis, and updates from the WindowsNews.AI desk.
Mbed TLS bug in versions before 2.23.0 lets malformed certs bypass verification.
The discovery of CVE-2020-36478 in Mbed TLS revealed a subtle but significant vulnerability in certificate validation that could allow malformed certificates to be incorrectly accepted as valid. This...
Unpatched Mbed TLS Devices Leave Decrypted Data Exposed in Memory—Here’s How to Clean Up
A bug in the widely used Mbed TLS encryption library fails to scrub decrypted plaintext from memory after certain read operations, potentially exposing session tokens, passwords, and other secrets to...
Unchecked Diffie-Hellman Parameters Can Brick Mbed TLS Devices — The Fix Is a Simple Update
A vulnerability in the widely used Mbed TLS cryptographic library allows attackers to remotely freeze or crash connected devices by feeding them oversized Diffie-Hellman key exchange parameters. The...
Mbed TLS 2.24.0 Patches Hostname Spoofing Hole That Leverages Crafted IP Certificates
In August 2020, the maintainers of the widely embedded Mbed TLS library released version 2.24.0 to fix a certificate validation flaw that could allow an attacker to impersonate any domain name by...
CVE-2025-52496: Critical Mbed TLS AESNI Race Condition Threatens Azure Linux Security
A critical security vulnerability in Mbed TLS, identified as CVE-2025-52496, has exposed a race condition in the AESNI detection path that could temporarily force the widely-used cryptographic...
Azure Linux libcurl bug CVE-2024-2466 bypasses TLS cert checks.
The recent disclosure of CVE-2024-2466, a vulnerability affecting libcurl when built with the mbedTLS backend, has highlighted critical issues in software supply chain security and vendor attestation...
CVE-2019-18222: The ECDSA Blinding Flaw in Mbed TLS Explained
The discovery of CVE-2019-18222 in late 2019 revealed a critical cryptographic vulnerability in Arm's Mbed TLS library that undermined the security of ECDSA (Elliptic Curve Digital Signature...
CVE-2020-10941: patch Mbed TLS to 2.16.6 or 2.7.15 to block RSA key cache-timing leak.
A critical side-channel vulnerability in Arm's Mbed TLS cryptographic library, tracked as CVE-2020-10941, exposed RSA private keys to potential recovery through cache-timing attacks during key import...