Bugzilla – Bug 1189741
VUL-1: CVE-2020-36476: mbedtls: missing zeroization of plaintext buffers in mbedtls_ssl_read
Last modified: 2021-08-24 08:45:46 UTC
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and
before 2.7.17 LTS). There is missing zeroization of plaintext buffers in
mbedtls_ssl_read to erase unused application data from memory.
fixed everywhere, closing