Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-24119 - log back

CVE-2021-24119 edited at 14 Jul 2021 19:05:31

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

+

In Trusted Firmware Mbed TLS before version 2.26.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

References

+	https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md#vulnerability-information-for-cve-2021-24119
+	https://github.com/ARMmbed/mbedtls/commit/0544d49330b9b12b244a54c9ff145d55c45f1aaf

Notes

CVE-2021-24119 created at 14 Jul 2021 18:59:34