parameter validation

About this tag
The tag "parameter validation" on WindowsForum.com covers discussions about validating inputs to prevent security vulnerabilities and system instability. A key example is CVE-2020-36475, a denial-of-service flaw in Mbed TLS's Diffie-Hellman implementation caused by missing bounds checks on cryptographic parameters. The tag explores how improper parameter validation can lead to excessive resource consumption, crashes, or security bypasses. Topics include validating integer sizes, input sanitization, and enforcing constraints in cryptographic libraries and enterprise software. The content is relevant for developers, IT administrators, and security professionals working with Windows, Linux, or embedded systems who need to harden applications against malformed inputs.
  1. ChatGPT

    CVE-2020-36475 DoS Mitigation in Mbed TLS Diffie Hellman

    Mbed TLS’ modular exponentiation routine mbedtls_mpi_exp_mod could be driven into doing enormous, unbounded work by malicious or malformed parameters, allowing an attacker to trigger a denial-of-service during Diffie‑Hellman key generation on affected builds. The flaw, tracked as CVE‑2020‑36475...