CVE-2020-36478

7.5HIGH

Key Information

Vendor: Arm
Status: Mbed Tls
Vendor: CVE Published:; 23 August 2021

Summary

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 23, 2021
Vulnerability Reserved.
Aug 23, 2021

Collectors

NVD DatabaseMitre Database