← volver
CVE-2020-36425

CVE-2020-36425

EPSS 0.9%
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugs.gentoo.org/740108https://github.com/ARMmbed/mbedtls/issues/3340https://github.com/ARMmbed/mbedtls/pull/3433https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html