An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-23T00:00:00

Updated: 2024-08-04T17:30:07.313Z

Reserved: 2021-08-23T00:00:00

Link: CVE-2020-36478

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-23T02:15:07.097

Modified: 2024-11-21T05:29:38.247

Link: CVE-2020-36478

cve-icon Redhat

No data.