Arm: >> Mbed Tls >> 2.22.0 Security Vulnerabilities
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
CVSS Score
7.5
EPSS Score
0.009
Published
2021-07-19
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVSS Score
4.9
EPSS Score
0.009
Published
2021-07-14
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-09-02
Page 4