Unrated severity · NVD Advisory · Published Aug 23, 2021 · Updated Aug 4, 2024
CVE-2020-36478
Description
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
Affected products
- Mbed TLS/Mbed TLS (description)
References
- lists.debian.org/debian-lts-announce/2021/11/msg00021.html (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2022/12/msg00036.html (mitre, mailing-list)
- cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf (mitre)
- github.com/ARMmbed/mbedtls/issues/3629 (mitre)
- github.com/ARMmbed/mbedtls/releases/tag/v2.16.9 (mitre)
- github.com/ARMmbed/mbedtls/releases/tag/v2.25.0 (mitre)
- github.com/ARMmbed/mbedtls/releases/tag/v2.7.18 (mitre)