Your submission was sent successfully! Close

CVE-2020-36476

Published: 23 August 2021

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
mbedtls
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

hirsute Not vulnerable
(2.16.9-0.1ubuntu1)
impish Not vulnerable

jammy Not vulnerable

trusty Does not exist

upstream
Released (2.16.9-0.1)
xenial Ignored
(out of standard support)