CVE-2020-36475

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_rtu3041c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3041c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_rtu3000c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_rtu3000c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-23 02:15

Updated : 2024-02-28 18:28


NVD link : CVE-2020-36475

Mitre link : CVE-2020-36475

CVE.ORG link : CVE-2020-36475


JSON object : View

Products Affected

siemens

  • logo\!_cmr2020
  • simatic_rtu3031c_firmware
  • simatic_rtu3041c_firmware
  • simatic_rtu3030c
  • simatic_rtu3000c
  • logo\!_cmr2020_firmware
  • simatic_rtu3041c
  • simatic_rtu3030c_firmware
  • simatic_rtu3031c
  • simatic_rtu3000c_firmware
  • logo\!_cmr2040_firmware
  • logo\!_cmr2040

arm

  • mbed_tls

debian

  • debian_linux
CWE
CWE-131

Incorrect Calculation of Buffer Size