5 matches found
[SECURITY] [DLA 3249-1] mbedtls security update
Debian LTS Advisory DLA-3249-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 26, 2022 https://wiki.debian.org/LTS Package : mbedtls Version : 2.16.9-0deb10u1 CVE ID : CVE-2019-16910 CVE-2019-18222 CVE-2020-10932 CVE-2020-10941 CVE-2020-16150...
Fedora 31 : mbedtls (2020-48a1ae610c)
Update to 2.16.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...
CVE-2020-16150
A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...
ALPINE-CVE-2020-16150
A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...
CVE-2020-16150
CVE-2020-16150 describes a Lucky 13 timing side-channel in mbedtls_ssl_decrypt_buf (library/ssl_msg.c) of Trusted Firmware Mbed TLS up to version 2.23.0. The side-channel arises from padding-length dependent timing in CBC mode, enabling an attacker to recover secret key information. The vulnerabi...