CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2020-36475 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2020-36475
23 Aug 2021 — An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. Se ha detectado un problema en Mbed TLS versiones anteriores a 2.25.0 (y versiones anteriores a 2.16.9 LTS y versiones anteriores a 2.7.18 LTS). Los cálculos llevado a cabo por la función mbedtls_mpi_exp_mod no están limitados; por lo... • https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2020-36478 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2020-36478
23 Aug 2021 — An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. Se ha detectado un problema en Mbed TLS versiones anteriores a 2.25.0 (y versiones anteriores a 2.16.9 LTS y versiones anteriores a 2.7.18 LTS). Una entrada de parámetros de algoritmo ... • https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf • CWE-295: Improper Certificate Validation •