CVE-2021-43666
First published: Thu Mar 24 2022(Updated: )
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ARM mbed TLS | <=3.0.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Denial of Service vulnerability in mbed TLS?
The vulnerability ID for this Denial of Service vulnerability in mbed TLS is CVE-2021-43666.
What is the severity of CVE-2021-43666?
The severity of CVE-2021-43666 is high with a severity value of 7.5.
What is the affected software for CVE-2021-43666?
The affected software for CVE-2021-43666 includes mbed TLS 3.0.0 and earlier as well as Debian Linux 10.0.
What is the description of CVE-2021-43666 vulnerability?
CVE-2021-43666 is a Denial of Service vulnerability in mbed TLS that occurs in the mbedtls_pkcs12_derivation function when an input password's length is 0.
How can I fix CVE-2021-43666 vulnerability?
To fix CVE-2021-43666 vulnerability, it is recommended to update mbed TLS to version 3.0.1 or later.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm mbed tls
- version/arm mbed tls/3.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0