An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf | Patch Third Party Advisory |
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9 | Release Notes Third Party Advisory |
https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0 | Release Notes Third Party Advisory |
https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18 | Release Notes Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
26 Dec 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Nov 2021, 21:35
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html - Mailing List, Third Party Advisory |
23 Nov 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Sep 2021, 16:03
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf - Patch, Third Party Advisory | |
CPE | cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_rtu3000c:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rtu3041c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_rtu3041c:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_rtu3000c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:* |
14 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Aug 2021, 23:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-131 | |
References | (MISC) https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9 - Release Notes, Third Party Advisory |
23 Aug 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-23 02:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-36475
Mitre link : CVE-2020-36475
CVE.ORG link : CVE-2020-36475
JSON object : View
Products Affected
siemens
- logo\!_cmr2040
- simatic_rtu3030c_firmware
- simatic_rtu3000c
- simatic_rtu3041c
- logo\!_cmr2020
- simatic_rtu3031c_firmware
- simatic_rtu3041c_firmware
- simatic_rtu3000c_firmware
- logo\!_cmr2040_firmware
- simatic_rtu3030c
- simatic_rtu3031c
- logo\!_cmr2020_firmware
arm
- mbed_tls
debian
- debian_linux
CWE
CWE-131
Incorrect Calculation of Buffer Size