Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
References
Link | Resource |
---|---|
https://github.com/ARMmbed/mbedtls/releases/ | Third Party Advisory |
https://kouzili.com/Load-Step.pdf | Third Party Advisory |
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Jan 2023, 17:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Arm
Arm mbed Tls |
|
References | (MISC) https://github.com/ARMmbed/mbedtls/releases/ - Third Party Advisory | |
References | (MISC) https://kouzili.com/Load-Step.pdf - Third Party Advisory | |
References | (MISC) https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
CWE | CWE-327 | |
CPE | cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:* |
17 Jan 2023, 23:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-17 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-36647
Mitre link : CVE-2021-36647
CVE.ORG link : CVE-2021-36647
JSON object : View
Products Affected
arm
- mbed_tls
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm