vulnerability

Debian: CVE-2020-36476: mbedtls -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Aug 23, 2021	Nov 29, 2021	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Aug 23, 2021

Added

Nov 29, 2021

Modified

Mar 30, 2026

Description

An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.

Solution

debian-upgrade-mbedtls

References

CVE-2020-36476
https://attackerkb.com/topics/CVE-2020-36476
CWE-212
DEBIAN-DLA-2826-1
EUVD-EUVD-2020-23962
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-23962

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report