Mbed Tls@2.8.0 Security Vulnerabilities and Issues — Mbed Tls@2.8.0 CVE List

Lucene search

ArmMbed Tls2.8.0

6 matches found

CVE•added 2021/08/23 2:15 a.m.•77 views

CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

7.5CVSS7.1AI score0.00359EPSS

CVE•added 2021/08/23 2:15 a.m.•67 views

CVE-2020-36478

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate s...

7.5CVSS7.3AI score0.00254EPSS

CVE•added 2021/07/19 5:15 p.m.•61 views

CVE-2020-36425

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

5.3CVSS6.6AI score0.00299EPSS

CVE•added 2021/08/23 2:15 a.m.•60 views

CVE-2020-36476

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

7.5CVSS7.3AI score0.0024EPSS

CVE•added 2021/07/19 5:15 p.m.•57 views

CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

4.7CVSS5.4AI score0.00085EPSS

CVE•added 2021/07/19 5:15 p.m.•49 views

CVE-2020-36426

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).

7.5CVSS7.5AI score0.00225EPSS