CVE-2020-36423
First published: Mon Jul 19 2021(Updated: )
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ARM mbed TLS | <2.16.7 | |
| ARM mbed TLS | >=2.17.0<2.23.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-36423?
CVE-2020-36423 is a vulnerability in Arm Mbed TLS before 2.23.0 that allows a remote attacker to recover plaintext due to a certain Lucky 13 countermeasure not considering the case of a hardware accelerator.
What is the severity of CVE-2020-36423?
CVE-2020-36423 has a severity rating of 7.5 (high).
How does CVE-2020-36423 affect ARM mbed TLS?
CVE-2020-36423 affects ARM mbed TLS versions up to (but not including) 2.23.0.
How can a remote attacker exploit CVE-2020-36423?
A remote attacker can exploit CVE-2020-36423 to recover plaintext due to a certain Lucky 13 countermeasure not considering the case of a hardware accelerator.
How can I fix CVE-2020-36423?
To fix CVE-2020-36423, update to Arm Mbed TLS version 2.23.0 or higher.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm mbed tls
- version/arm mbed tls/2.17.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0