cbcvebase.
CVE-2020-10941
published 2020-03-24

CVE-2020-10941: Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

PriorityP427medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
1.63%
73.2th percentile
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

Affected

12 ranges
VendorProductVersion rangeFixed in
armmbed_crypto< 3.1.03.1.0
armmbed_tls< 2.16.52.16.5
debiandebian_linux
debianmbedtls< mbedtls 2.16.5-1 (bookworm)mbedtls 2.16.5-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
mbedmbedtls>= 0 < 2.16.5-12.16.5-1
mbedmbedtls>= 0 < 2.16.5-12.16.5-1
mbedmbedtls>= 0 < 2.16.5-12.16.5-1
mbedmbedtls>= 0 < 2.16.5-12.16.5-1
msrcazl3_qemu_8.2.0-16_on_azure_linux_3.0
msrccbl2_qemu_6.2.0-24_on_cbl_mariner_2.0

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv5.9MEDIUM
vendor_debian5.9MEDIUM
vendor_msrc5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.