7.5
CVE-2020-36478
- EPSS 0.22%
- Veröffentlicht 23.08.2021 02:15:07
- Zuletzt bearbeitet 21.11.2024 05:29:38
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Logo! Cmr2020 Firmware Version < 2.2
Siemens ≫ Logo! Cmr2040 Firmware Version < 2.2
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.451 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.