In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
References
Link | Resource |
---|---|
https://docs.rs/crate/sgx_tstd/1.1.1 | Product Third Party Advisory |
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md | Patch Third Party Advisory |
https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a | Issue Tracking Patch Third Party Advisory |
Configurations
History
13 May 2022, 17:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:a:apache:teaclave_sgx_sdk:1.1.3:*:*:*:*:rust:*:* | |
First Time |
Apache
Apache teaclave Sgx Sdk |
10 Aug 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. |
20 Jul 2021, 19:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://docs.rs/crate/sgx_tstd/1.1.1 - Product, Third Party Advisory | |
References | (MISC) https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md - Patch, Third Party Advisory | |
References | (MISC) https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a - Patch, Third Party Advisory | |
CWE | CWE-203 | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.9 |
CPE | cpe:2.3:a:sgx_tstd_project:sgx_tstd:1.1.3:*:*:*:*:rust:*:* |
14 Jul 2021, 14:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-14 14:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-24117
Mitre link : CVE-2021-24117
CVE.ORG link : CVE-2021-24117
JSON object : View
Products Affected
apache
- teaclave_sgx_sdk
CWE
CWE-203
Observable Discrepancy