Packages
- mbedtls - Lightweight crypto and SSL/TLS library
Details
It was discovered that Mbed TLS incorrectly handled memory allocation
failures. A remote attacker could possibly use this issue to crash
the program. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-44732)

Jonathan Winzig discovered that Mbed TLS incorrectly handled crafted
inputs. A remote attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2024-23775)

It was discovered that Mbed TLS incorrectly handled the TLS
handshake. A remote attacker could possibly use this issue to
break the security guarantees of the TLS handshake.
(CVE-2025-27810)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly
documented the behavior of a function. Application code relying
on the documented behavior might be affected. A remote attacker
could possibly use this issue to execute arbitrary code.
(CVE-2025-47917)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled
crafted input. A remote attacker could possibly use this issue to
crash the program, resulting in a denial of service. (CVE-2025-48965)

It was discovered that Mbed TLS incorrectly handled a race condition.
An attacker could possibly use this issue to extract AES keys.
(CVE-2025-52496)

Linh Le and Ngan Nguyen discovered that Mbed TLS incorrectly handled
certain invalid input. A remote attacker could possibly use this
issue to crash the program, resulting in a denial of service.
(CVE-2025-52497)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version |
|---|---|
| 24.04 LTS noble | libmbedcrypto7t64 – 2.28.8-1ubuntu0.1~esm1 |
| 24.04 LTS noble | libmbedtls-dev – 2.28.8-1ubuntu0.1~esm1 |
| 24.04 LTS noble | libmbedtls14t64 – 2.28.8-1ubuntu0.1~esm1 |
| 24.04 LTS noble | libmbedx509-1t64 – 2.28.8-1ubuntu0.1~esm1 |
| 22.04 LTS jammy | libmbedcrypto7 – 2.28.0-1ubuntu0.1~esm1 |
| 22.04 LTS jammy | libmbedtls-dev – 2.28.0-1ubuntu0.1~esm1 |
| 22.04 LTS jammy | libmbedtls14 – 2.28.0-1ubuntu0.1~esm1 |
| 22.04 LTS jammy | libmbedx509-1 – 2.28.0-1ubuntu0.1~esm1 |
| 20.04 LTS focal | libmbedcrypto3 – 2.16.4-1ubuntu2+esm1 |
| 20.04 LTS focal | libmbedtls-dev – 2.16.4-1ubuntu2+esm1 |
| 20.04 LTS focal | libmbedtls12 – 2.16.4-1ubuntu2+esm1 |
| 20.04 LTS focal | libmbedx509-0 – 2.16.4-1ubuntu2+esm1 |
| 18.04 LTS bionic | libmbedcrypto1 – 2.8.0-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libmbedtls-dev – 2.8.0-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libmbedtls10 – 2.8.0-1ubuntu0.1~esm1 |
| 18.04 LTS bionic | libmbedx509-0 – 2.8.0-1ubuntu0.1~esm1 |