Your submission was sent successfully! Close

CVE-2020-36425

Published: 19 July 2021

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
mbedtls
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

groovy Ignored
(reached end-of-life)
hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

trusty Does not exist

upstream Needs triage

xenial Ignored
(out of standard support)