VDB
GCVE-110-MAGEIA-2020-469
GCVE-110-MAGEIA-2020-469
Advisory Published
This update provides security bug fixes and minor enhancements.
Limit the size of calculations performed by mbedtls_mpi_exp_mod to
MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when generating
Diffie-Hellman key pairs.
A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
which is how most uses of randomization in asymmetric cryptography are
implemented. This could cause failures or the silent use of non-random values.
Fix a compliance issue whereby the library did not check the tag on the
algorithm parameters (only the size) when comparing the signature in the
description part of the cert to the real signature.
Zeroising of local buffers and variables which are used for calculations in
mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
functions to erase sensitive data from memory.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mbedtls | 0 (affected), 2.16.9-1.mga7 (unaffected) | — |
Browse GCVE Records
73,053 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.