Описание
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Ссылки
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Уязвимость реализации протоколов TLS и SSL Mbed TLS, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
5.3 Medium
CVSS3
4.3 Medium
CVSS2