CVE-2020-20950

Summary

CVE	CVE-2020-20950
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-01-19 13:15:00 UTC
Updated	2021-09-08 17:22:00 UTC
Description	Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Risk And Classification

Problem Types: CWE-327

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Macos	-	All	All	All
Operating System	Apple	Mac Os	-	All	All	All
Operating System	Apple	Mac Os	-	All	All	All
Application	Ietf	Public Key Cryptography Standards 1	1.5	All	All	All
Application	Ietf	Public Key Cryptography Standards 1	1.5	All	All	All
Operating System	Linux	Linux Kernel	-	All	All	All
Operating System	Linux	Linux Kernel	-	All	All	All
Application	Microchip	Microchip Libraries For Applications	All	All	All	All
Operating System	Microsoft	Windows	-	All	All	All
Operating System	Microsoft	Windows	-	All	All	All

References

Reference	Source	Link	Tags
Silence Will Fall (Or How It Can Take 2 Years to Get Your Vuln Registered) \| by BI.ZONE \| Jan, 2021 \| Medium	MISC	bi-zone.medium.com	Technical Description, Third Party Advisory
microchip.com	MISC	microchip.com	Product
archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf	MISC	archiv.infsec.ethz.ch	Technical Description, Third Party Advisory
Microchip Libraries for Applications \| Microchip Technology Inc.	MISC	www.microchip.com	Product
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.