CVE-2020-36424 - Information Exposure Through Discrepancy vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugs.gentoo.org/740108
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
- https://github.com/ARMmbed/mbedtls/releases/tag/v2.7.17
- https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2