ALPINE-CVE-2025-27810

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-27810

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-27810.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2025-27810

Upstream

CVE-2025-27810

Published

2025-03-25T06:15:41.180Z

Modified

2025-11-14T04:28:00.585841Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

References

https://security.alpinelinux.org/vuln/CVE-2025-27810

Affected packages

Alpine:v3.18 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.28.10-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.4-r0

2.28.5-r0

2.28.7-r0

2.28.8-r0

2.28.9-r0

Alpine:v3.19 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.28.10-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.3-r2

2.28.3-r3

2.28.4-r0

2.28.5-r0

2.28.6-r0

2.28.7-r0

2.28.8-r0

2.28.9-r0

Alpine:v3.20 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.3-r2

2.28.3-r3

2.28.4-r0

2.28.5-r0

2.28.6-r0

2.28.7-r0

2.28.8-r0

3.*

3.6.0-r0

3.6.1-r0

3.6.2-r0

Alpine:v3.21 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.3-r2

2.28.3-r3

2.28.4-r0

2.28.5-r0

2.28.6-r0

2.28.7-r0

2.28.8-r0

3.*

3.6.0-r0

3.6.1-r0

3.6.2-r0

Alpine:v3.22 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

2.16.3-r0

2.16.5-r0

2.16.6-r0

2.16.8-r0

2.16.9-r0

2.16.10-r0

2.16.10-r1

2.16.12-r0

2.16.12-r1

2.28.0-r0

2.28.1-r0

2.28.1-r1

2.28.2-r0

2.28.3-r0

2.28.3-r1

2.28.3-r2

2.28.3-r3

2.28.4-r0

2.28.5-r0

2.28.6-r0

2.28.7-r0

2.28.8-r0

3.*

3.6.0-r0

3.6.1-r0

3.6.2-r0