CVE-2020-16150

Information Exposure Through Discrepancy in conan/mbedtls

Identifiers

CVE-2020-16150

Package Slug

conan/mbedtls

Vulnerability

Information Exposure Through Discrepancy

Description

A Lucky timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

Affected Versions

All versions before 2.7.17, all versions starting from 2.8.0 before 2.16.8, all versions starting from 2.17.0 before 2.24.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-14

source