VDB
CVE-2020-36478
CVE-2020-36478
PUBLISHED
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
EPSS 0.52% · 67.2th percentile
Risk Scores
EPSS Score
0.52%
67.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | mbedtls | 2.5.1-1ubuntu1, 2.7.0-2, 2.6.0-1 |
| Ubuntu:16.04:LTS | mbedtls | 2.2.1-2ubuntu0.3, 2.2.1-1, 2.2.0-1 |
| Ubuntu:20.04:LTS | mbedtls | 0, 2.16.4-1ubuntu2, 2.16.3-1 |
Exploit Intelligence
Timeline
- Aug 23, 2021 CVE Published
- Aug 23, 2021 EPSS Score
- Oct 20, 2021 EPSS Score
- Dec 18, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 14, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 13, 2022 EPSS Score
- Jun 10, 2022 EPSS Score
- Aug 9, 2022 EPSS Score
- Oct 6, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36478 third-party-advisory
- https://github.com/ARMmbed/mbedtls/issues/3629 third-party-advisory
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9 third-party-advisory
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0 third-party-advisory
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36478 third-party-advisory