CVE-2020-16150

🗓️ 02 Sep 2020 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 98 Views

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS

Reporter	Title	Published	Views	Family All 60
FreeBSD	Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS	1 Sep 202000:00	–	freebsd
ATTACKERKB	CVE-2020-16150	2 Sep 202016:15	–	attackerkb
AlpineLinux	CVE-2020-16150	2 Sep 202000:00	–	alpinelinux
ArchLinux	[ASA-202101-7] mbedtls: private key recovery	8 Jan 202100:00	–	archlinux
AstraLinux	Astra Linux - уязвимость в mbedtls	3 May 202623:59	–	astralinux
Cvelist	CVE-2020-16150	2 Sep 202000:00	–	cvelist
Debian	[SECURITY] [DLA 3249-1] mbedtls security update	25 Dec 202223:33	–	debian
Debian CVE	CVE-2020-16150	2 Sep 202000:00	–	debiancve
Tenable Nessus	Debian dla-3249 : libmbedcrypto3 - security update	26 Dec 202200:00	–	nessus
Tenable Nessus	Fedora 31 : mbedtls (2020-48a1ae610c)	17 Sep 202000:00	–	nessus

NVD

Node

arm mbed_tlsRange<2.7.17

arm mbed_tlsRange2.8.0–2.16.8

arm mbed_tlsRange2.17.0–2.24.0

Node

Node

Source	Link
tls	www.tls.mbed.org/tech-updates/security-advisories
tls	www.tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IRPBHCQKZXHVKOP5O5EWE7P76AWGUXQJ/
lists	www.lists.debian.org/debian-lts-announce/2022/12/msg00036.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OSOFUD6UTGTDDSQRS62BPXDU52I6PUA/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD3NM6GD73CTFFRBKG5G2ACXGG7QQHCC/

21 Nov 2024 05:06Current

5.4Medium risk

Vulners AI Score5.4

CVSS 22.1

CVSS 3.15.5

EPSS0.00077