Your submission was sent successfully! Close

CVE-2020-36475

Published: 23 August 2021

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
mbedtls
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Not vulnerable
(2.16.9-0.1ubuntu1)
impish Not vulnerable

jammy Not vulnerable

trusty Does not exist

upstream
Released (2.16.9-0.1)
xenial Ignored
(out of standard support)