CVE-2020-36478

Published: 23 August 2021

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
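The distinction the description draws, as an added example (not Mbed TLS code): two zero-length DER parameter fields compare equal when only length and content are checked, and differ once the tag is compared as well. The type and function names, the sample bytes, and the use of an empty SEQUENCE to stand for the zero-size array are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One DER element as a parser hands it over (hypothetical type for this example). */
typedef struct { unsigned char tag; size_t len; const unsigned char *p; } tlv_t;

/* Constructed sample encodings: ASN.1 NULL, and an empty SEQUENCE (zero-element array). */
static const unsigned char DER_NULL[] = { 0x05, 0x00 };
static const unsigned char DER_EMPTY_SEQ[] = { 0x30, 0x00 };

/* Parse one short-form DER TLV (length < 128). Returns 0, or -1 if malformed/truncated. */
static int tlv_parse(const unsigned char *buf, size_t buflen, tlv_t *out)
{
    if (buf == NULL || buflen < 2 || (buf[1] & 0x80) != 0 || (size_t)buf[1] > buflen - 2)
        return -1;
    out->tag = buf[0];
    out->len = buf[1];
    out->p = buf + 2;
    return 0;
}

/* Weak: length and content only, so any two zero-length values look identical. */
static int params_equal_weak(const tlv_t *a, const tlv_t *b)
{
    return a->len == b->len && (a->len == 0 || memcmp(a->p, b->p, a->len) == 0);
}

/* Strict: tag, length and content must all match. */
static int params_equal_strict(const tlv_t *a, const tlv_t *b)
{
    return a->tag == b->tag && params_equal_weak(a, b);
}

/* Returns 1 if both encoded fields match, 0 if they differ, -1 on a parse error. */
static int check(const unsigned char *x, size_t xl, const unsigned char *y, size_t yl, int strict)
{
    tlv_t a, b;
    if (tlv_parse(x, xl, &a) != 0 || tlv_parse(y, yl, &b) != 0)
        return -1;
    return strict ? params_equal_strict(&a, &b) : params_equal_weak(&a, &b);
}

int main(void)
{
    printf("weak:   %d\n", check(DER_NULL, sizeof DER_NULL, DER_EMPTY_SEQ, sizeof DER_EMPTY_SEQ, 0));
    printf("strict: %d\n", check(DER_NULL, sizeof DER_NULL, DER_EMPTY_SEQ, sizeof DER_EMPTY_SEQ, 1));
    return 0;
}
```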

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: mbedtls (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
hirsute    Not vulnerable (2.16.9-0.1ubuntu1)
impish     Not vulnerable
jammy      Not vulnerable
trusty     Does not exist
upstream   Released (2.16.9-0.1)
xenial     Ignored (out of standard support)