An issue was discovered in Arm Mbed TLS before 2.24.0.
mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
bugs.gentoo.org/740108
github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
launchpad.net/bugs/cve/CVE-2020-36426
nvd.nist.gov/vuln/detail/CVE-2020-36426
security-tracker.debian.org/tracker/CVE-2020-36426
www.cve.org/CVERecord?id=CVE-2020-36426