CVE-2020-10932: Observable Discrepancy in ARM Mbed TLS

Severity
4.7 MEDIUM (NVD)
EPSS
0.0%
top 85.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: May 24

Description

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via sev

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (2 packages)

NVD: arm/mbed_tls 2.7.0 to 2.7.15 (+1)
Debian: mbed/mbedtls < 2.16.9-0.1 (+3)

Also affects: Debian Linux 10.0, Fedora 31, 32

Vulnerability Details (3)

GHSA: GHSA-fj9x-f2wx-v38w: An issue was discovered in Arm Mbed TLS before 2… (2022-05-24)
OSV: CVE-2020-10932: An issue was discovered in Arm Mbed TLS before 2… (2020-04-15)
CVEList: CVE-2020-10932: An issue was discovered in Arm Mbed TLS before 2… (2020-04-15)

Vendor Advisories (1)

Debian: CVE-2020-10932: mbedtls - An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. A... (2020)

Community (3)

Bugzilla: CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure [epel-all] (2020-05-21)
Bugzilla: CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure [fedora-all] (2020-05-21)
Bugzilla: CVE-2020-10932 mbedtls: side channel attack possibly leading to information disclosure (2020-05-21)