Mbed TLS is now part of TrustedFirmware.org.

Mbed TLS 2.16.5 and 2.7.14 released


Maintenance releases for Mbed TLS 2.16 and Mbed TLS 2.7 are now available.

These releases bring fixes for a security issue, as described in more detail in our security advisory.


  • (2.16) Fix potential memory overread when performing an ECDSA signature operation. The overread only happens with cryptographically low probability (of the order of 2^-n where n is the bitsize of the curve) unless the RNG is broken, and could result in information disclosure or denial of service (application crash or extra resource consumption). Found by Auke Zeilstra and Peter Schwabe, using static analysis.
  • (2.16, 2.7) To avoid a side channel vulnerability when parsing an RSA private key, read all the CRT parameters from the DER structure rather than reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob Brumley. Reported and fix contributed by Jack Lloyd.


  • (2.16, 2.7) Fix an unchecked call to mbedtls_md() in the x509write module.
  • (2.16, 2.7) Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys that would later be rejected by functions expecting private keys. Found by Catena cyber using oss-fuzz (issue 20467).
  • (2.16, 2.7) Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some RSA keys with invalid values by silently fixing those values.

Who should update

We recommend all affected users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Download links

Get your copy here:


The hashes for mbedtls-2.16.5-apache.tgz are:

SHA-1: c36962183e05467aa1dadafcaacf90216a737866
SHA-256: 65b4c6cec83e048fd1c675e9a29a394ea30ad0371d37b5742453f74084e7b04d

The hashes for mbedtls-2.16.5-gpl.tgz are:

SHA-1: 4fe2c2a93ce0fbc47a210b0a9e0e3b5c20ba32f7
SHA-256: 6ebdea6565c714f1315b9af6a802afb4b4e89976f7d5d2b15aa8028eb52e7d09

The hashes for mbedtls-2.7.14-apache.tgz are:

SHA-1: acc850069d38ce21c029358d7eb9d14691d7fc0a
SHA-256: 9a8ff432b3dcd89c74770d914e28765e3faaea4206f7cc98b02a075994c5090f

The hashes for mbedtls-2.7.14-gpl.tgz are:

SHA-1: e21987c5694da03c596a2920b5aa70c095f262fe
SHA-256: e0676ea78c6bdf6eb3b11a62ccad9d81d9131ecf117586bffe1985de966e3e2f

Like this?




Last updated:
Feb 21, 2020


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.