CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-16150
https://notcve.org/view.php?id=CVE-2020-16150
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length. Un canal lateral de sincronización Lucky versión 13, en la función mbedtls_ssl_decrypt_buf en el archivo library/ssl_msg.c en Trusted Firmware Mbed TLS versiones hasta 2.23.0, permite a un atacante recuperar información de la clave secreta. Esto afecta al modo CBC debido a una diferencia de tiempo calculada basada en una longitud de relleno • https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC https://tls.mbed.org/tech-updates/security-advisories https://tls.mbed.org/tech-updates/security-adv • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12883
https://notcve.org/view.php?id=CVE-2020-12883
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12925 https://github.com/ARMmbed/mbed-os/issues/12926 https://github.com/ARMmbed/mbed-os/issues/12927 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12884
https://notcve.org/view.php?id=CVE-2020-12884
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12928 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12885
https://notcve.org/view.php?id=CVE-2020-12885
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12929 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12886
https://notcve.org/view.php?id=CVE-2020-12886
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12948 • CWE-125: Out-of-bounds Read •