Bugzilla – Bug 1189742
VUL-1: CVE-2020-36475: mbedtls: potential denial of service via calculations performed by mbedtls_mpi_exp_mod
Last modified: 2021-08-24 08:47:31 UTC
CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36475
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9
https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36475
http://www.cvedetails.com/cve/CVE-2020-36475/
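For callers that take Diffie-Hellman parameters from an untrusted source, the following added example (not Mbed TLS code and not part of the original report) bounds the operands of G^X mod P before any exponentiation runs. The function name `dh_check_operands`, the error enum and the 1024-byte cap are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed policy cap in bytes for every operand of G^X mod P (8192 bits).
   Chosen for this example; use the value your deployment actually needs. */
#define DH_MAX_OPERAND_BYTES 1024u

enum dh_check {
    DH_OK = 0,
    DH_ERR_ZERO,          /* operand is empty or all zero bytes */
    DH_ERR_TOO_LARGE,     /* operand exceeds DH_MAX_OPERAND_BYTES */
    DH_ERR_EVEN_MODULUS,  /* P must be odd (a prime greater than 2) */
    DH_ERR_BAD_GENERATOR  /* need 2 <= G < P */
};

/* Skip leading zero bytes of a big-endian integer; returns significant length. */
static size_t be_trim(const uint8_t **buf, size_t len)
{
    while (len > 0 && **buf == 0) { (*buf)++; len--; }
    return len;
}

/* Validate untrusted DH operands before modular exponentiation.
   p, g: big-endian integers; x_len: size in bytes of the private exponent
   the caller is about to generate. */
enum dh_check dh_check_operands(const uint8_t *p, size_t p_len,
                                const uint8_t *g, size_t g_len,
                                size_t x_len)
{
    /* Cap the raw lengths first: this cheap test is what bounds the work. */
    if (p_len > DH_MAX_OPERAND_BYTES || g_len > DH_MAX_OPERAND_BYTES ||
        x_len > DH_MAX_OPERAND_BYTES)
        return DH_ERR_TOO_LARGE;

    p_len = be_trim(&p, p_len);
    g_len = be_trim(&g, g_len);
    if (p_len == 0 || g_len == 0 || x_len == 0)
        return DH_ERR_ZERO;
    if ((p[p_len - 1] & 1u) == 0)
        return DH_ERR_EVEN_MODULUS;

    /* G >= 2: after trimming, a single byte equal to 1 is the only failure. */
    if (g_len == 1 && g[0] < 2)
        return DH_ERR_BAD_GENERATOR;
    /* G < P: the longer trimmed value is larger; equal lengths compare bytewise. */
    if (g_len > p_len || (g_len == p_len && memcmp(g, p, p_len) >= 0))
        return DH_ERR_BAD_GENERATOR;
    return DH_OK;
}
```

The length cap is applied to the raw buffers, so zero-padded inputs longer than the cap are rejected as well.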
fixed, closing