DEBIAN-CVE-2020-36476

DEBIAN-CVE-2020-36476 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:13	mbedtls	0, 0, 0
Debian:11	mbedtls	0, 0, 0
Debian:12	mbedtls	0, 0, 0
Debian:14	mbedtls	0, 0, 0

Timeline

Aug 23, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-36476 advisory

Open in Interactive Console →