CVE-2020-36423

Name of the Vulnerable Software and Affected Versions Arm Mbed TLS versions prior to 2.23.0

Description A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. This issue is related to the implementation of TLS and SSL protocols in Mbed TLS, allowing an attacker to access confidential data.

Recommendations For versions prior to 2.23.0, update to version 2.23.0 or later to resolve the issue. As a temporary workaround, consider disabling hardware acceleration for TLS and SSL protocols until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.