Описание
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2.28.0-1build1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | not-affected | 2.28.0-1build1 |
| esm-apps/noble | not-affected | 2.28.0-1build1 |
| esm-apps/xenial | needed | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | 2.28.0-1build1 |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ...
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
Уязвимость функции mbedtls_mpi_exp_mod() (lignum.c) программного обеспечения Mbed TLS, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
4.7 Medium
CVSS3