CVE-2020-36422 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-36422 PUBLISHED

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

EPSS 0.34% · 56.5th percentile

Risk Scores

EPSS Score

0.34%

56.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	mbedtls	0, 2.16.2-1, 2.16.4-1ubuntu2
Ubuntu:16.04:LTS	mbedtls	2.1.2-1, 2.2.0-1, 2.2.1-1
Ubuntu:18.04:LTS	mbedtls	2.6.0-1, 2.7.0-2, 2.8.0-1

Timeline

Jul 19, 2021 CVE Published
Jul 20, 2021 EPSS Score
Sep 17, 2021 EPSS Score
Nov 15, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 12, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 10, 2022 EPSS Score
Jul 8, 2022 EPSS Score
Sep 6, 2022 EPSS Score
Nov 4, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-36422 third-party-advisory
https://bugs.gentoo.org/730752 third-party-advisory
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 third-party-advisory
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-36422 third-party-advisory

Open in Interactive Console →