CVE-2020-36478
Summary
| CVE | CVE-2020-36478 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-23 02:15:00 UTC |
| Updated | 2023-01-11 17:01:00 UTC |
| Description | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf | CONFIRM | cert-portal.siemens.com | |
| Release Mbed TLS 2.7.18 · ARMmbed/mbedtls · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3249-1] mbedtls security update | MLIST | lists.debian.org | |
| Release Mbed TLS 2.16.9 · ARMmbed/mbedtls · GitHub | MISC | github.com | |
| [SECURITY] [DLA 2826-1] mbedtls security update | MLIST | lists.debian.org | |
| Certificate verification discrepancy between OpenSSL and mbed TLS · Issue #3629 · ARMmbed/mbedtls · GitHub | MISC | github.com | |
| Release Mbed TLS 2.25.0 · ARMmbed/mbedtls · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178909 Debian Security Update for mbedtls (DLA 2826-1)
- 181446 Debian Security Update for mbedtls (DLA 3249-1)
- 590717 Siemens LOGO! CMR and SIMATIC RTU 3000 Multiple Vulnerabilities (ICSA-21-257-20)
- 591119 Siemens LOGO! CMR Family and SIMATIC RTU 3000 Family Multiple Vulnerabilities (ssa-756638)
- 710702 Gentoo Linux Mbed Transport Layer Security (TLS) Multiple Vulnerabilities (GLSA 202301-08)