CVE-2020-36475

Published: Aug 23, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

Affected (11)

Products: Arm: Mbed Tls · Siemens: Logo! Cmr2020 Firmware, Logo! Cmr2040 Firmware, Simatic Rtu3031c Firmware, Simatic Rtu3041c Firmware, Simatic Rtu3030c Firmware, Simatic Rtu3000c Firmware · Debian: Debian Linux

Arm

1 product

Mbed Tls

Siemens

6 products

Logo! Cmr2020 Firmware

Logo! Cmr2040 Firmware

Simatic Rtu3031c Firmware

Simatic Rtu3041c Firmware

Simatic Rtu3030c Firmware

Simatic Rtu3000c Firmware

Debian

1 product

Debian Linux

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Arm Mbed Tls	Before 2.7.18
Arm Mbed Tls	From 2.17.0 to 2.25.0
Arm Mbed Tls	From 2.8.0 to 2.16.9

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Logo! Cmr2020 Firmware	Before 2.2

Running on/with	Platform Versions
Siemens Logo! Cmr2020	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Logo! Cmr2040 Firmware	Before 2.2

Running on/with	Platform Versions
Siemens Logo! Cmr2040	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3031c Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Rtu3031c	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3041c Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Rtu3041c	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3030c Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Rtu3030c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Rtu3000c Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Rtu3000c	All versions

Configuration H

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-131

Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References (12)

https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.9

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.18

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf