CVE-2020-20950
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Un ataque de Bleichenbacher en el relleno PKCS#1 versión v1.5 para RSA en las Bibliotecas de Microchip para Aplicaciones en todas las versiones del 26-11-2018 hasta el 26-11-2018. La vulnerabilidad puede permitir a uno usar el ataque de oráculo de Bleichenbacher para descifrar un texto encriptado cifrado al hacer consultas sucesivas al servidor usando la biblioteca vulnerable, resultando en una divulgación de información remota
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-13 CVE Reserved
- 2021-01-19 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf | Technical Description | |
| http://microchip.com | Product | |
| https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb | Technical Description | |
| https://www.microchip.com/mplab/microchip-libraries-for-applications | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microchip Search vendor "Microchip" | Microchip Libraries For Applications Search vendor "Microchip" for product "Microchip Libraries For Applications" | <= 2018-11-26 Search vendor "Microchip" for product "Microchip Libraries For Applications" and version " <= 2018-11-26" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Microchip Libraries For Applications Search vendor "Microchip" for product "Microchip Libraries For Applications" | <= 2018-11-26 Search vendor "Microchip" for product "Microchip Libraries For Applications" and version " <= 2018-11-26" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Microchip Libraries For Applications Search vendor "Microchip" for product "Microchip Libraries For Applications" | <= 2018-11-26 Search vendor "Microchip" for product "Microchip Libraries For Applications" and version " <= 2018-11-26" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Ietf Search vendor "Ietf" | Public Key Cryptography Standards \#1 Search vendor "Ietf" for product "Public Key Cryptography Standards \#1" | 1.5 Search vendor "Ietf" for product "Public Key Cryptography Standards \#1" and version "1.5" | - |
Affected
| ||||||