CVE-2020-36424
Summary
| CVE | CVE-2020-36424 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-07-19 17:15:00 UTC |
|---|
| Updated | 2023-01-11 17:02:00 UTC |
|---|
| Description | An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 740108 – (CVE-2020-16150, CVE-2020-36424, CVE-2020-36425, CVE-2020-36426) <net-libs/mbedtls-{2.16.8,2.24.0}: Multiple vulnerabilities (CVE-2020-{16150,36424,36425,36426}) |
MISC |
bugs.gentoo.org |
|
| Local side channel attack on RSA and static Diffie-Hellman - Tech Updates - Mbed TLS (Previously PolarSSL) |
MISC |
tls.mbed.org |
|
| Release Mbed TLS 2.16.8 · ARMmbed/mbedtls · GitHub |
MISC |
github.com |
|
| Release Mbed TLS 2.24.0 · ARMmbed/mbedtls · GitHub |
MISC |
github.com |
|
| Release Mbed TLS 2.7.17 · ARMmbed/mbedtls · GitHub |
MISC |
github.com |
|
| [SECURITY] [DLA 3249-1] mbedtls security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180705 Debian Security Update for mbedtls (CVE-2020-36424)
- 181446 Debian Security Update for mbedtls (DLA 3249-1)
- 710702 Gentoo Linux Mbed Transport Layer Security (TLS) Multiple Vulnerabilities (GLSA 202301-08)
