CVE-2025-27810 - CERT CVE
ID CVE-2025-27810
Sažetak Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
Reference
CVSS
Base: 5.4
Impact: 2.7
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Zadnje važnije ažuriranje 27-03-2025 - 16:45
Objavljeno 25-03-2025 - 06:15