CVE-2020-36477
Published 2021-08-23
Priority: P4 · 30 · Severity: medium · CVSS 3.1 base score 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.83% (53.0th percentile)
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type (dNSName, iPAddress, and so on). This means that an attacker could impersonate a 4-byte or 16-byte domain, i.e. a host name whose raw bytes equal an IPv4 or IPv6 address, by getting a certificate for the corresponding IP address (this would require the attacker to control that IP address, though).
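To make the type confusion concrete, the following is an added example that models the matching logic in C. It is not Mbed TLS code: the enum, struct and function names, the two certificates and the bytes in their subjectAltName entries are all constructed for this illustration, and wildcard matching is left out. The hardened matcher only consults dNSName entries, which is the behaviour the description implies for the fixed version.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GeneralName choice tags from RFC 5280 section 4.2.1.6. The enum, struct
 * and function names below are constructed for this example; they are not
 * Mbed TLS identifiers. */
enum san_type { SAN_DNS_NAME = 2, SAN_IP_ADDRESS = 7 };

struct san_entry {
    enum san_type type;   /* which GeneralName choice this entry is */
    const uint8_t *buf;   /* raw value bytes as encoded in the certificate */
    size_t len;           /* 4 or 16 for iPAddress, arbitrary for dNSName */
};

/* Case-insensitive byte comparison, as host-name matching requires.
 * Wildcard labels are intentionally not handled to keep the example short. */
static int name_bytes_equal(const uint8_t *name, size_t len, const char *expected)
{
    if (len != strlen(expected))
        return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower(name[i]) != tolower((unsigned char)expected[i]))
            return 0;
    return 1;
}

/* Models the pre-2.24.0 behaviour described above: every SAN entry is
 * compared with the expected name and the entry type is never consulted,
 * so an iPAddress whose 4 or 16 raw bytes spell the host name is accepted. */
int san_matches_vulnerable(const char *expected, const struct san_entry *san, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (name_bytes_equal(san[i].buf, san[i].len, expected))
            return 1;
    return 0;
}

/* Hardened version: a host name can only be satisfied by a dNSName entry.
 * iPAddress entries are skipped no matter what their bytes look like. */
int san_matches_fixed(const char *expected, const struct san_entry *san, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (san[i].type == SAN_DNS_NAME &&
            name_bytes_equal(san[i].buf, san[i].len, expected))
            return 1;
    return 0;
}

/* Constructed certificate contents (no real certificates are involved).
 *
 * Attacker's certificate: issued for the IPv4 address 97.98.99.100 and the
 * IPv6 address 6d61:696c:7365:7276:6572:2e6c:6f63:616c, which the attacker
 * would have to control to obtain it. The raw address bytes happen to be
 * the ASCII strings "abcd" and "mailserver.local". */
static const uint8_t attacker_v4[4]  = { 97, 98, 99, 100 };
static const uint8_t attacker_v6[16] = { 'm','a','i','l','s','e','r','v',
                                         'e','r','.','l','o','c','a','l' };
const struct san_entry attacker_san[] = {
    { SAN_IP_ADDRESS, attacker_v4, sizeof attacker_v4 },
    { SAN_IP_ADDRESS, attacker_v6, sizeof attacker_v6 },
};
const size_t attacker_san_len = sizeof attacker_san / sizeof attacker_san[0];

/* Legitimate certificate: a single dNSName entry for mailserver.local. */
static const uint8_t legit_dns[] = "mailserver.local";
const struct san_entry legit_san[] = {
    { SAN_DNS_NAME, legit_dns, sizeof legit_dns - 1 },   /* exclude the NUL */
};
const size_t legit_san_len = sizeof legit_san / sizeof legit_san[0];

int main(void)
{
    const char *hosts[] = { "abcd", "mailserver.local", "MAILSERVER.LOCAL" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-17s attacker cert: vulnerable=%d fixed=%d | legit cert: vulnerable=%d fixed=%d\n",
               hosts[i],
               san_matches_vulnerable(hosts[i], attacker_san, attacker_san_len),
               san_matches_fixed(hosts[i], attacker_san, attacker_san_len),
               san_matches_vulnerable(hosts[i], legit_san, legit_san_len),
               san_matches_fixed(hosts[i], legit_san, legit_san_len));
    return 0;
}
```

Both matchers share the same case-insensitive byte comparison, so the only difference is the type check, and that alone turns the iPAddress-for-"abcd" certificate from accepted into rejected while the legitimate dNSName certificate still verifies. The same idea works as a regression check against a real build: issue a test certificate whose iPAddress SAN bytes spell a short host name and confirm that verifying it against that host name fails on the patched version.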
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | < 2.24.0 | 2.24.0 |
| debian | mbedtls | < 2.28.0-0.3 (bookworm) | 2.28.0-0.3 (bookworm) |
| mbed | mbedtls | >= 0, < 2.28.0-0.3 | 2.28.0-0.3 |
| msrc | azl3_qemu_8.2.0-16_on_azure_linux_3.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 5.9 | MEDIUM | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_msrc | — | 5.9 | MEDIUM | — |
Microsoft
vendor_msrc · 2021-08-10 · CVSS 5.9 · MEDIUM · CWE-295
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the
Debian
vendor_debian · 2020 · CVSS 5.9 · MEDIUM
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
Scope: local
bookworm: resolved (fixed in 2.28.0-0.3)
bullseye: resolved
forky: resolved (fixed in 2.28.0-0.3)
sid: resolved (fixed in 2.28.0-0.3)
trixie: resolved (fixed in 2.28.0-0.3)
GHSA
GHSA-qfcq-wvh3-6p75 · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-295
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
OSV
osv · 2021-08-23 · CVSS 5.9 · MEDIUM
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-08-23