CVE-2020-16150
conan/mbedtls
Information Exposure Through Discrepancy
A Lucky timing side channel in mbedtls_ssl_decrypt_buf
in library/ssl_msg.c
in Trusted Firmware Mbed TLS allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
All versions before 2.7.17, all versions starting from 2.8.0 before 2.16.8, all versions starting from 2.17.0 before 2.24.0
Unfortunately, there is no solution available yet.
2020-09-14
source |