Search

Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

JLSEC-2025-217

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivat...

Source Edit History OSV JSON (OSV)

JLSEC Published: Nov 21, 2025
Modified: Nov 21, 2025
Affected Packages: MbedTLS_jll < 2.28.0+0
Aliases / Upstream: CVE-2021-43666

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtlspkcs12derivation function when an input password's length is 0.

References