Lucene search

Mbed Tls Security Vulnerabilities - 2020

cve

CVE-2019-18222

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

4.7CVSS

4.6AI Score

0.001EPSS

2020-01-23 05:15 PM

cve

CVE-2020-10932

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side chan...

4.7CVSS

4.7AI Score

0.001EPSS

2020-04-15 02:15 PM

142

cve

CVE-2020-10941

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

5.9CVSS

5.5AI Score

0.002EPSS

2020-03-24 08:15 PM

cve

CVE-2020-16150

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

5.5CVSS

5.4AI Score

0.001EPSS

2020-09-02 04:15 PM