ALT-PU-2025-4699-2
Closed vulnerabilities
Published: 2025-06-18
Modified: 2026-03-02
Modified: 2026-03-02
BDU:2025-06868
Уязвимость реализации протокола TLS программного обеспечения Mbed TLS, позволяющая нарушителю проводить атаки типа "человек по середине"
Severity: MEDIUM (5.4)Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2025-06-18
Modified: 2026-03-02
Modified: 2026-03-02
BDU:2025-06869
Уязвимость функции mbedtls_ssl_set_hostname программного обеспечения Mbed TLS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.4)Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Severity: MEDIUM (4.0)Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
Published: 2025-03-25
Modified: 2025-07-17
Modified: 2025-07-17
CVE-2025-27809
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
References:
Published: 2025-03-25
Modified: 2025-10-30
Modified: 2025-10-30
CVE-2025-27810
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
Severity: MEDIUM (4.8)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
References: