Unrated severityNVD Advisory· Published Aug 23, 2021· Updated Aug 4, 2024
CVE-2020-36476
CVE-2020-36476
Description
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Mbed TLS/Mbed TLSdescription
Patches
Vulnerability mechanics
References
5- lists.debian.org/debian-lts-announce/2021/11/msg00021.htmlmitremailing-list
- lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlmitremailing-list
- github.com/ARMmbed/mbedtls/releases/tag/v2.16.8mitre
- github.com/ARMmbed/mbedtls/releases/tag/v2.24.0mitre
- github.com/ARMmbed/mbedtls/releases/tag/v2.7.17mitre
News mentions
0No linked articles in our index yet.