Total vulnerabilities in the database
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
| Software | From | Fixed in |
|---|---|---|
| arm / mbed_tls | 2.17.0 | 2.25.0 |
| arm / mbed_tls | 2.8.0 | 2.16.9 |
| arm / mbed_tls | - | 2.7.18 |
| siemens / logo!_cmr2020_firmware | - | 2.2 |
| siemens / logo!_cmr2040_firmware | - | 2.2 |
| siemens / simatic_rtu3031c_firmware | - | - |
| siemens / simatic_rtu3041c_firmware | - | - |
| siemens / simatic_rtu3030c_firmware | - | - |
| siemens / simatic_rtu3000c_firmware | - | - |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |