Vulnerabilities > CVE-2020-36424 - Information Exposure Through Discrepancy vulnerability in multiple products

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

high complexity

arm

debian

CWE-203

NVD

Published: 2021-07-19

Updated: 2023-01-11

Summary

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

Vulnerable Configurations

Part	Description	Count
Application	Arm ARM Mbed TLS - ARM Mbed TLS 1.3.0 ARM Mbed TLS 1.3.1 ARM Mbed TLS 1.3.2 ARM Mbed TLS 1.3.3 ARM Mbed TLS 1.3.4 ARM Mbed TLS 1.3.5 ARM Mbed TLS 1.3.6 ARM Mbed TLS 1.3.7 ARM Mbed TLS 1.3.8 ARM Mbed TLS 1.3.9 ARM Mbed TLS 1.3.10 ARM Mbed TLS 1.3.11 ARM Mbed TLS 1.3.12 ARM Mbed TLS 1.3.13 ARM Mbed TLS 1.3.14 ARM Mbed TLS 1.3.15 ARM Mbed TLS 1.3.16 ARM Mbed TLS 1.3.17 ARM Mbed TLS 1.3.18 ARM Mbed TLS 1.3.19 ARM Mbed TLS 1.3.20 ARM Mbed TLS 1.3.21 ARM Mbed TLS 1.3.22 ARM Mbed TLS 2.0.0 ARM Mbed TLS 2.1.0 ARM Mbed TLS 2.1.1 ARM Mbed TLS 2.1.2 ARM Mbed TLS 2.1.3 ARM Mbed TLS 2.1.4 ARM Mbed TLS 2.1.5 ARM Mbed TLS 2.1.6 ARM Mbed TLS 2.1.7 ARM Mbed TLS 2.1.8 ARM Mbed TLS 2.1.9 ARM Mbed TLS 2.1.10 ARM Mbed TLS 2.1.11 ARM Mbed TLS 2.1.12 ARM Mbed TLS 2.1.13 ARM Mbed TLS 2.1.14 ARM Mbed TLS 2.1.15 ARM Mbed TLS 2.1.16 ARM Mbed TLS 2.1.17 ARM Mbed TLS 2.1.18 ARM Mbed TLS 2.2.0 ARM Mbed TLS 2.2.1 ARM Mbed TLS 2.2.2 ARM Mbed TLS 2.2.3 ARM Mbed TLS 2.3.0 ARM Mbed TLS 2.3.1 ARM Mbed TLS 2.3.2 ARM Mbed TLS 2.4.0 ARM Mbed TLS 2.4.1 ARM Mbed TLS 2.4.2 ARM Mbed TLS 2.5.0 ARM Mbed TLS 2.5.1 ARM Mbed TLS 2.6.0 ARM Mbed TLS 2.6.1 ARM Mbed TLS 2.7.0 ARM Mbed TLS 2.7.1 ARM Mbed TLS 2.7.2 ARM Mbed TLS 2.7.3 ARM Mbed TLS 2.7.4 ARM Mbed TLS 2.7.5 ARM Mbed TLS 2.7.6 ARM Mbed TLS 2.7.7 ARM Mbed TLS 2.7.8 ARM Mbed TLS 2.7.9 ARM Mbed TLS 2.7.10 ARM Mbed TLS 2.7.11 ARM Mbed TLS 2.7.12 ARM Mbed TLS 2.7.13 ARM Mbed TLS 2.7.14 ARM Mbed TLS 2.7.15 ARM Mbed TLS 2.7.16 ARM Mbed TLS 2.8.0 ARM Mbed TLS 2.9.0 ARM Mbed TLS 2.10.0 ARM Mbed TLS 2.11.0 ARM Mbed TLS 2.12.0 ARM Mbed TLS 2.13.0 ARM Mbed TLS 2.13.1 ARM Mbed TLS 2.14.0 ARM Mbed TLS 2.14.1 ARM Mbed TLS 2.15.0 ARM Mbed TLS 2.15.1 ARM Mbed TLS 2.16.0 ARM Mbed TLS 2.16.1 ARM Mbed TLS 2.16.2 ARM Mbed TLS 2.16.3 ARM Mbed TLS 2.16.4 ARM Mbed TLS 2.16.5 ARM Mbed TLS 2.16.6 ARM Mbed TLS 2.16.7 ARM Mbed TLS 2.17.0 ARM Mbed TLS 2.18.0 ARM Mbed TLS 2.18.1 ARM Mbed TLS 2.19.0 ARM Mbed TLS 2.19.1 ARM Mbed TLS 2.20.0 ARM Mbed TLS 2.21.0 ARM Mbed TLS 2.22.0 ARM Mbed TLS 2.23.0	137
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References