Vulnerabilities > CVE-2020-36422 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
arm
debian
CWE-203

Summary

An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.

Vulnerable Configurations

Part Description Count
Application
Arm
137
OS
Debian
1

Common Weakness Enumeration (CWE)