Vulnerabilities > CVE-2021-24117 - Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://docs.rs/crate/sgx_tstd/1.1.1
- https://docs.rs/crate/sgx_tstd/1.1.1
- https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
- https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
- https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
- https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md