JLSEC-2025-211
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-211.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-211.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2025-211
- Upstream
- Published
- 2025-11-21T15:59:04.054Z
- Modified
- 2025-11-21T16:17:56.040035Z
- Summary
- An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS)
- Details
-
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtlssslread to erase unused application data from memory.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "id": "CVE-2020-36476", "imported": "2025-11-20T23:04:00.326Z", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-36476", "modified": "2024-11-21T05:29:37.843Z", "published": "2021-08-23T02:15:06.987Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36476" } ] }- References
-
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html