CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-36421
https://notcve.org/view.php?id=CVE-2020-36421
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.23.0. Debido a un canal lateral en la exponenciación modular, una clave privada RSA usada en un enclave seguro podría ser divulgada • https://bugs.gentoo.org/730752 https://github.com/ARMmbed/mbedtls/issues/3394 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36422
https://notcve.org/view.php?id=CVE-2020-36422
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.23.0. Un canal lateral permite la recuperación de una clave privada ECC, en relación con las funciones mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul y mbedtls_ecp_mul_restartable • https://bugs.gentoo.org/730752 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36423
https://notcve.org/view.php?id=CVE-2020-36423
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.23.0. Un atacante remoto puede recuperar el texto plano porque una determinada contramedida de Lucky 13 no considera apropiadamente el caso de un acelerador de hardware • https://bugs.gentoo.org/730752 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36424
https://notcve.org/view.php?id=CVE-2020-36424
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.24.0. Un atacante puede recuperar una clave privada (para RSA o Diffie-Hellman estático) por medio de un ataque de canal lateral contra la generación de valores blinding/unblinding de base • https://bugs.gentoo.org/740108 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 • CWE-203: Observable Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-36425
https://notcve.org/view.php?id=CVE-2020-36425
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.24.0. Usa incorrectamente una comprobación de revocationDate cuando decide si acepta la revocación de certificados por medio de una CRL. • https://bugs.gentoo.org/740108 https://github.com/ARMmbed/mbedtls/issues/3340 https://github.com/ARMmbed/mbedtls/pull/3433 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-295: Improper Certificate Validation •