PT-2021-6687 · Mbed Tls+2

Kfyatek · Published 2020-09-02 · Updated 2025-08-21 · CVE-2020-36476

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Mbed TLS versions prior to 2.24.0
Mbed TLS versions prior to 2.16.8 LTS
Mbed TLS versions prior to 2.7.17 LTS
Description

Mbed TLS did not zeroize plaintext buffers in mbedtls_ssl_read(), so decrypted application data could remain in process memory after the library no longer needed it. This is a memory-hygiene defect rather than a break in the TLS protocol: a remote peer cannot trigger it directly, but plaintext left behind in reused or freed buffers can be exposed later by a separate memory-disclosure bug, a core dump, swapped-out pages or a debugger. Applications that carry credentials, tokens or other sensitive application data over the connection are the ones most affected.
Recommendations

For versions prior to 2.24.0, update to version 2.24.0 or later.
For versions prior to 2.16.8 LTS, update to version 2.16.8 LTS or later.
For versions prior to 2.7.17 LTS, update to version 2.7.17 LTS or later.
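The pattern behind this class of bug, as an added example that is not Mbed TLS code and does not model its internal record layer: a decrypted record sits in a reusable buffer and the application drains it with successive reads. Without zeroization the consumed plaintext stays in the buffer; with it, each chunk is wiped as soon as it has been handed out. The secure_zeroize() helper uses the volatile-function-pointer trick that keeps the compiler from eliminating the "dead" store (Mbed TLS provides mbedtls_platform_zeroize() for the same purpose); the record layout, SAMPLE_PLAINTEXT and all function names here are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Compiler-resistant zeroization: calling memset through a volatile
 * function pointer keeps dead-store elimination from removing a write
 * to memory that is never read again. Stand-in for
 * mbedtls_platform_zeroize(); this is not the library's code. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

static void secure_zeroize(void *buf, size_t len)
{
    if (buf != NULL && len > 0) {
        memset_v(buf, 0, len);
    }
}

/* Toy model (an assumption, not Mbed TLS internals): one decrypted
 * application-data record in a reusable buffer that the application
 * drains with repeated read calls. */
#define RECORD_MAX 64

struct record_buf {
    unsigned char data[RECORD_MAX]; /* decrypted plaintext of one record */
    size_t len;                     /* bytes still unread */
    size_t off;                     /* read offset into data */
};

/* Constructed sample plaintext standing in for one decrypted record. */
static const char SAMPLE_PLAINTEXT[] = "Authorization: Bearer s3cr3t-token-value";

static void deliver_record(struct record_buf *rb)
{
    size_t n = sizeof(SAMPLE_PLAINTEXT) - 1;
    memset(rb, 0, sizeof(*rb));
    memcpy(rb->data, SAMPLE_PLAINTEXT, n);
    rb->len = n;
    rb->off = 0;
}

/* Copy up to want bytes to the caller. With zeroize == 0 the consumed
 * bytes stay behind in rb->data (the pre-fix behaviour described in the
 * advisory); with zeroize != 0 they are wiped as soon as they have been
 * handed out. */
static size_t record_read(struct record_buf *rb, unsigned char *out,
                          size_t want, int zeroize)
{
    size_t n = want < rb->len ? want : rb->len;
    memcpy(out, rb->data + rb->off, n);
    if (zeroize) {
        secure_zeroize(rb->data + rb->off, n);
    }
    rb->off += n;
    rb->len -= n;
    return n;
}

/* Count plaintext bytes still present anywhere in the record buffer. */
static size_t residual_bytes(const struct record_buf *rb)
{
    size_t count = 0;
    for (size_t i = 0; i < RECORD_MAX; i++) {
        if (rb->data[i] != 0) {
            count++;
        }
    }
    return count;
}

/* Drain the whole record in 8-byte reads and report what is left behind. */
size_t residual_after_drain(int zeroize)
{
    struct record_buf rb;
    unsigned char out[8];
    deliver_record(&rb);
    while (rb.len > 0) {
        record_read(&rb, out, sizeof(out), zeroize);
    }
    secure_zeroize(out, sizeof(out)); /* the caller should wipe its own copy too */
    return residual_bytes(&rb);
}

int main(void)
{
    printf("without zeroization: %zu plaintext bytes left in record buffer\n",
           residual_after_drain(0));
    printf("with zeroization:    %zu plaintext bytes left in record buffer\n",
           residual_after_drain(1));
    return 0;
}
```

When auditing an application for this class of issue, the same check applies to the caller's side: the buffer passed to mbedtls_ssl_read() receives a copy of the plaintext, and the library cannot wipe that copy for you.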

Fix

Upgrade to the fixed releases listed under Recommendations.

Weakness Enumeration

CWE-668: Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2020-2711
ALT-PU-2021-2234
ALT-PU-2025-10462
BDU:2022-02040
CVE-2020-36476
DLA-2826-1
DLA-3249-1

Affected Products

Alt Linux
Astra Linux
Mbed Tls