Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-27809

Опубликовано: 25 мар. 2025
Источник: debian
EPSS Низкий

Описание

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mbedtlsfixed3.6.3-1package
mbedtlsno-dsabookwormpackage
mbedtlsignoredbullseyepackage

Примечания

  • https://github.com/Mbed-TLS/mbedtls/issues/466

  • https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

  • https://github.com/Mbed-TLS/mbedtls/commit/9a9f0c77cfd314b761aaeef7a521565e00019b4a (mbedtls-3.6.3)

  • https://github.com/Mbed-TLS/mbedtls/commit/c43a9d5576c3f9b9da21454711c104b1f9d73efa (mbedtls-2.28.10)

EPSS

Процентиль: 24%
0.00081
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-27809

CVSS3: 5.4
ubuntu
около 1 года назад

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

nvd логотип

CVE-2025-27809

CVSS3: 5.4
nvd
около 1 года назад

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

msrc логотип

CVE-2025-27809

msrc
7 месяцев назад

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

github логотип

GHSA-76fv-m4gp-q47j

CVSS3: 5.4
github
около 1 года назад

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

fstec логотип

BDU:2025-06869

CVSS3: 5.4
fstec
около 1 года назад

Уязвимость функции mbedtls_ssl_set_hostname программного обеспечения Mbed TLS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 24%
0.00081
Низкий