Unrated severityNVD Advisory· Published Jul 19, 2021· Updated Aug 4, 2024
CVE-2020-36425
CVE-2020-36425
Description
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Arm/Mbed TLSdescription
Patches
Vulnerability mechanics
References
7- lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlmitremailing-list
- bugs.gentoo.org/740108mitre
- github.com/ARMmbed/mbedtls/issues/3340mitre
- github.com/ARMmbed/mbedtls/pull/3433mitre
- github.com/ARMmbed/mbedtls/releases/tag/v2.16.8mitre
- github.com/ARMmbed/mbedtls/releases/tag/v2.24.0mitre
- github.com/ARMmbed/mbedtls/releases/tag/v2.7.17mitre
News mentions
0No linked articles in our index yet.