6.3 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.4%
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
bugs.gentoo.org/740108
github.com/ARMmbed/mbedtls/issues/3340
github.com/ARMmbed/mbedtls/pull/3433
github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
lists.debian.org/debian-lts-announce/2022/12/msg00036.html