|
2020-03-24
|
CVE-2020-10941
|
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
|
Mbed_crypto, Mbed_tls, Fedora
|
5.9
|
|
|
|
2018-06-26
|
CVE-2018-1000520
|
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..
|
Mbed_tls
|
7.5
|
|
|
|
2018-12-05
|
CVE-2018-19608
|
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
|
Mbed_tls
|
4.7
|
|
|
|
2018-02-13
|
CVE-2018-0488
|
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
|
Mbed_tls, Debian_linux
|
9.8
|
|
|
|
2020-04-15
|
CVE-2020-10932
|
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via...
|
Mbed_tls
|
N/A
|
|
|
|
2020-01-23
|
CVE-2019-18222
|
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
|
Mbed_crypto, Mbed_tls
|
N/A
|
|
|
|
2018-07-28
|
CVE-2018-0498
|
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
|
Mbed_tls, Debian_linux
|
4.7
|
|
|
|
2018-07-28
|
CVE-2018-0497
|
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
|
Mbed_tls, Debian_linux
|
5.9
|
|
|
|
2018-02-13
|
CVE-2018-0487
|
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
|
Mbed_tls, Debian_linux
|
9.8
|
|
|
|
2018-02-14
|
CVE-2017-18187
|
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
|
Mbed_tls, Debian_linux
|
9.8
|
|
|