CVE-2024-23170
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
Se descubrió un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Había un canal lateral de sincronización en las operaciones privadas de RSA. Este canal lateral podría ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante envíe una gran cantidad de mensajes para descifrarlos, como se describe en "Everlasting ROBOT: the Marvin Attack" de Hubert Kario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-12 CVE Reserved
- 2024-01-31 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Arm Search vendor "Arm" | Mbed Tls Search vendor "Arm" for product "Mbed Tls" | >= 2.0.0 < 2.28.7 Search vendor "Arm" for product "Mbed Tls" and version " >= 2.0.0 < 2.28.7" | - |
Affected
| ||||||
| Arm Search vendor "Arm" | Mbed Tls Search vendor "Arm" for product "Mbed Tls" | >= 3.0.0 < 3.5.2 Search vendor "Arm" for product "Mbed Tls" and version " >= 3.0.0 < 3.5.2" | - |
Affected
| ||||||