CVE-2024-23170Observable Discrepancy in ARM Mbed TLS

CWE-203Observable DiscrepancyCWE-385Covert Timing ChannelCWE-1240Use of a Cryptographic Primitive with a Risky Implementation7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 56.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mbed MbedtlsARM Mbed TLSPaloalto Pan-os
Timeline
PublishedJan 31
Latest updateMay 14

Description

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDarm/mbed_tls2.0.02.28.7+1
Debianmbed/mbedtls< 2.28.7-1+1
Palo Altopaloalto/pan-os

🔴Vulnerability Details

3
OSV
CVE-2024-23170: An issue was discovered in Mbed TLS 22024-01-31
CVEList
CVE-2024-23170: An issue was discovered in Mbed TLS 22024-01-31
GHSA
GHSA-w2fw-qqqw-v63m: An issue was discovered in Mbed TLS 22024-01-31

📋Vendor Advisories

3
Palo Alto
PAN-SA-2025-0010 Informational Bulletin: No Impact of the Marvin Attack on PAN-OS2025-05-14
Microsoft
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations.2024-01-09
Debian
CVE-2024-23170: mbedtls - An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. Ther...2024
CVE-2024-23170 — Observable Discrepancy in ARM Mbed TLS | cvebase