CVE-2020-36478

Source
https://cve.org/CVERecord?id=CVE-2020-36478
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36478.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-36478
Published
2021-08-23T02:15:07.097Z
Modified
2026-04-02T06:09:54.513849Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.7.18"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.16.9"
        },
        {
            "introduced": "2.17.0"
        },
        {
            "fixed": "2.25.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

Other
beta-oob-2
beta-release
list
mbed-alpha3
mbed-os-beta
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2
feature-opaque-keys-2.*
feature-opaque-keys-2.7-rc1
mbedos-16.*
mbedos-16.01-release
mbedos-16.03-release
mbedtls-1.*
mbedtls-1.3.10
mbedtls-1.3.11
mbedtls-1.3.12
mbedtls-1.3.13
mbedtls-1.3.14
mbedtls-1.3.15
mbedtls-1.3.16
mbedtls-1.3.17
mbedtls-1.3.18
mbedtls-1.3.19
mbedtls-1.3.19-rc1
mbedtls-1.3.20
mbedtls-1.3.21
mbedtls-1.3.21-rc1
mbedtls-1.3.22
mbedtls-1.3.22-rc1
mbedtls-1.4-dtls-preview
mbedtls-2.*
mbedtls-2.0.0
mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.10
mbedtls-2.1.10-rc1
mbedtls-2.1.11
mbedtls-2.1.11-rc1
mbedtls-2.1.12
mbedtls-2.1.13
mbedtls-2.1.14
mbedtls-2.1.15
mbedtls-2.1.16
mbedtls-2.1.17
mbedtls-2.1.18
mbedtls-2.1.2
mbedtls-2.1.3
mbedtls-2.1.4
mbedtls-2.1.5
mbedtls-2.1.6
mbedtls-2.1.7
mbedtls-2.1.7-rc1
mbedtls-2.1.8
mbedtls-2.1.9
mbedtls-2.1.9-rc1
mbedtls-2.10.0
mbedtls-2.11.0
mbedtls-2.12.0
mbedtls-2.13.0
mbedtls-2.13.1
mbedtls-2.14.0
mbedtls-2.14.1
mbedtls-2.15.0
mbedtls-2.15.1
mbedtls-2.16.0
mbedtls-2.16.1
mbedtls-2.16.2
mbedtls-2.16.3
mbedtls-2.16.4
mbedtls-2.16.5
mbedtls-2.16.6
mbedtls-2.16.7
mbedtls-2.16.8
mbedtls-2.17.0
mbedtls-2.18.0
mbedtls-2.18.1
mbedtls-2.19.0
mbedtls-2.19.0d1
mbedtls-2.19.0d2
mbedtls-2.19.1
mbedtls-2.2.0
mbedtls-2.2.1
mbedtls-2.20.0
mbedtls-2.20.0d0
mbedtls-2.20.0d1
mbedtls-2.21.0
mbedtls-2.22.0
mbedtls-2.22.0d0
mbedtls-2.23.0
mbedtls-2.24.0
mbedtls-2.3.0
mbedtls-2.4.0
mbedtls-2.4.1
mbedtls-2.4.2
mbedtls-2.4.2-rc1
mbedtls-2.5.0
mbedtls-2.5.0-rc1
mbedtls-2.5.1
mbedtls-2.6.0
mbedtls-2.6.0-rc1
mbedtls-2.6.1
mbedtls-2.6.1-rc1
mbedtls-2.7.0
mbedtls-2.7.0-rc1
mbedtls-2.7.1
mbedtls-2.7.10
mbedtls-2.7.11
mbedtls-2.7.12
mbedtls-2.7.13
mbedtls-2.7.14
mbedtls-2.7.15
mbedtls-2.7.16
mbedtls-2.7.17
mbedtls-2.7.2
mbedtls-2.7.2-rc1
mbedtls-2.7.3
mbedtls-2.7.4
mbedtls-2.7.5
mbedtls-2.7.6
mbedtls-2.7.7
mbedtls-2.7.8
mbedtls-2.7.9
mbedtls-2.8.0
mbedtls-2.8.0-rc1
mbedtls-2.9.0
mbedtls-3.*
mbedtls-3.0.0p1
polarssl-0.*
polarssl-0.10.0
polarssl-0.10.1
polarssl-0.11.0
polarssl-0.11.1
polarssl-0.12.0
polarssl-0.12.1
polarssl-0.13.0
polarssl-0.13.1
polarssl-0.14.0
polarssl-0.14.1
polarssl-0.14.2
polarssl-0.14.3
polarssl-0.99-pre1
polarssl-0.99-pre2
polarssl-0.99-pre3
polarssl-0.99-pre4
polarssl-0.99-pre5
polarssl-1.*
polarssl-1.0.0
polarssl-1.1.0
polarssl-1.1.0-rc0
polarssl-1.1.0-rc1
polarssl-1.1.1
polarssl-1.1.2
polarssl-1.1.3
polarssl-1.1.4
polarssl-1.1.5
polarssl-1.1.6
polarssl-1.1.7
polarssl-1.1.8
polarssl-1.2.0
polarssl-1.2.0-pre1
polarssl-1.2.1
polarssl-1.2.10
polarssl-1.2.11
polarssl-1.2.12
polarssl-1.2.13
polarssl-1.2.14
polarssl-1.2.15
polarssl-1.2.16
polarssl-1.2.17
polarssl-1.2.18
polarssl-1.2.19
polarssl-1.2.2
polarssl-1.2.3
polarssl-1.2.4
polarssl-1.2.5
polarssl-1.2.6
polarssl-1.2.7
polarssl-1.2.8
polarssl-1.2.9
polarssl-1.3-alpha1
polarssl-1.3.0
polarssl-1.3.0-rc0
polarssl-1.3.1
polarssl-1.3.2
polarssl-1.3.3
polarssl-1.3.4
polarssl-1.3.5
polarssl-1.3.6
polarssl-1.3.7
polarssl-1.3.8
polarssl-1.3.9
v2.*
v2.16.7
v2.16.8
v2.23.0
v2.24.0
v2.7.16
v2.7.17
yotta-2.*
yotta-2.2.1
yotta-2.2.2
yotta-2.2.3
yotta-2.3.0
yotta-2.3.1
yotta-2.3.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36478.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]