296,172
Total vulnerabilities in the database
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
| Software | From | Fixed in |
|---|---|---|
| arm / mbed_tls | - | 2.28.10 |
| arm / mbed_tls | 3.0.0 | 3.6.3 |