Page 5 of 43 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.23.0. Un canal lateral permite la recuperación de una clave privada ECC, en relación con las funciones mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul y mbedtls_ecp_mul_restartable • https://bugs.gentoo.org/730752 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-203: Observable Discrepancy •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.24.0. Un atacante puede recuperar una clave privada (para RSA o Diffie-Hellman estático) por medio de un ataque de canal lateral contra la generación de valores blinding/unblinding de base • https://bugs.gentoo.org/740108 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.24.0. la función mbedtls_x509_crl_parse_der presenta lectura excesiva del búfer (de un byte) • https://bugs.gentoo.org/740108 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-125: Out-of-bounds Read •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed. Se ha detectado un problema en Arm Mbed TLS versiones anteriores a 2.23.0. Debido a un canal lateral en la exponenciación modular, una clave privada RSA usada en un enclave seguro podría ser divulgada • https://bugs.gentoo.org/730752 https://github.com/ARMmbed/mbedtls/issues/3394 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7 https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0 https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html • CWE-203: Observable Discrepancy •

CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. En Trusted Firmware Mbed versión TLS versión 2.24.0, una vulnerabilidad de canal lateral en la decodificación de archivos PEM base64, permite a atacantes a nivel de sistema (administrador) obtener información sobre claves RSA secretas por medio de un ataque de canal controlado y de canal lateral en el software ejecutándose entornos aislados que pueden ser de un solo paso, especialmente Intel SGX • https://github.com/ARMmbed/mbedtls/releases https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW • CWE-203: Observable Discrepancy •