JLSEC-2025-187

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-187.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-187.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2025-187
Aliases
Published
2025-10-23T17:26:52.088Z
Modified
2025-11-06T22:57:35.592629Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Summary
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware ...
Details

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Database specific
{
    "sources": [
        {
            "published": "2025-03-25T00:00:00Z",
            "id": "EUVD-2025-14831",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-14831",
            "imported": "2025-10-23T16:25:34.016Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-14831",
            "modified": "2025-03-25T14:37:14Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / MbedTLS_jll

Package

Name
MbedTLS_jll
Purl
pkg:julia/MbedTLS_jll?uuid=c8ffd9c3-330d-5841-b78e-0817d7145fa1

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.28.10+0