Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

ARM mbed TLS denial of service vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtlsmpiexpmod. An attacker could exploit this vulnerability to provide...

CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...

Design/Logic Flaw

An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...