An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 6.0.6003.22769 |