Denial of Service Vulnerability in Mbed TLS by ARM
CVE-2020-36475

7.5HIGH

Key Information:

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 23 August 2021

What is CVE-2020-36475?

An issue in Mbed TLS prior to version 2.25.0 can lead to Denial of Service due to unrestricted calculations performed by mbedtls_mpi_exp_mod. This could allow an attacker to supply excessively large parameters, potentially disrupting the generation of Diffie-Hellman key pairs.

References

https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9

https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2021
Vulnerability Reserved
Aug 23, 2021

Arm

What is CVE-2020-36475?

References

CVSS V3.1

Timeline