ALT-BU-2020-4011-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-01651
Уязвимость функции x509_crt_verify_name реализации протоколов TLS и SSL Mbed TLS, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2022-01834
Уязвимость функции mbedtls_x509_crl_parse_der реализации протоколов TLS и SSL Mbed TLS, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01852
Уязвимость реализации протоколов TLS и SSL Mbed TLS, связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-02040
Уязвимость функции mbedtls_ssl_read реализации протоколов TLS и SSL Mbed TLS, позволяющая нарушителю оказать воздействие на целостность данных
BDU:2022-02043
Уязвимость реализации протоколов TLS и SSL Mbed TLS, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказать воздействие на целостность данных
Modified: 2024-11-21
CVE-2020-16150
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- FEDORA-2020-48a1ae610c
- FEDORA-2020-48a1ae610c
- FEDORA-2020-8b0d59bac6
- FEDORA-2020-8b0d59bac6
- FEDORA-2020-e75ade5e38
- FEDORA-2020-e75ade5e38
- https://tls.mbed.org/tech-updates/security-advisories
- https://tls.mbed.org/tech-updates/security-advisories
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
Modified: 2024-11-21
CVE-2020-36424
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
- https://bugs.gentoo.org/740108
- https://bugs.gentoo.org/740108
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
Modified: 2024-11-21
CVE-2020-36425
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
- https://bugs.gentoo.org/740108
- https://bugs.gentoo.org/740108
- https://github.com/ARMmbed/mbedtls/issues/3340
- https://github.com/ARMmbed/mbedtls/issues/3340
- https://github.com/ARMmbed/mbedtls/pull/3433
- https://github.com/ARMmbed/mbedtls/pull/3433
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
Modified: 2024-11-21
CVE-2020-36426
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
- https://bugs.gentoo.org/740108
- https://bugs.gentoo.org/740108
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
Modified: 2024-11-21
CVE-2020-36476
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
- [debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
Modified: 2024-11-21
CVE-2020-36477
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).