CVE-2020-36424 - Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS

047910
CVSS 1.9 - LOW
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Summary

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

Vulnerable Configurations

Part         Description  Count
Application  Arm          136

Common Weakness Enumeration (CWE)