CVE-2020-36422
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
Published
2021-07-19T17:15:11.177
Last Modified
2024-11-21T05:29:28.237
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 5.3 (MEDIUM)
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
Exploitability Score
10.0
Impact Score
2.9
Weaknesses
Affected Vendors & Products
References
-
https://bugs.gentoo.org/730752
Issue Tracking, Patch, Third Party Advisory
([email protected])
-
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
Release Notes, Third Party Advisory
([email protected])
-
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
Release Notes, Third Party Advisory
([email protected])
-
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
Mailing List, Third Party Advisory
([email protected])
-
https://bugs.gentoo.org/730752
Issue Tracking, Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
Release Notes, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
Mailing List, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)