AZL-47697 CVE-2024-23170 affecting package hvloader for versions less than 1.0.1-6

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

ARM mbed TLS 安全漏洞

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. A security vulnerability exists in the mbedtlspkcs12derivation function in ARM mbed TLS 3.0.0 and earlier versions, which allows an attacker to trigger a denial-of-service attack by typing a...