VulnerableCode Package Details - pkg:alpm/archlinux/mbedtls@2.25.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-m8p7-8g8t-aaak Aliases: CVE-2021-24119	In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.	2.26.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-m8p7-8g8t-aaak
Aliases:
CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

2.26.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gcmg-8syc-aaaj	A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.	CVE-2020-16150

Vulnerability

Summary

Aliases

VCID-gcmg-8syc-aaaj

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

CVE-2020-16150

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:32.223347+00:00	Arch Linux Importer	Affected by	VCID-m8p7-8g8t-aaak	https://security.archlinux.org/AVG-2153	36.0.0
2025-03-28T07:45:46.645026+00:00	Arch Linux Importer	Fixing	VCID-gcmg-8syc-aaaj	https://security.archlinux.org/AVG-1386	36.0.0
2024-09-18T02:01:50.161107+00:00	Arch Linux Importer	Affected by	VCID-m8p7-8g8t-aaak	https://security.archlinux.org/AVG-2153	34.0.1
2024-09-18T02:00:47.795546+00:00	Arch Linux Importer	Fixing	VCID-gcmg-8syc-aaaj	https://security.archlinux.org/AVG-1386	34.0.1
2024-01-24T11:41:55.658377+00:00	Arch Linux Importer	Affected by	VCID-m8p7-8g8t-aaak	https://security.archlinux.org/AVG-2153	34.0.0rc2
2024-01-24T11:41:55.464202+00:00	Arch Linux Importer	Fixing	VCID-gcmg-8syc-aaaj	https://security.archlinux.org/AVG-1386	34.0.0rc2
2024-01-03T22:27:55.106253+00:00	Arch Linux Importer	Affected by	VCID-m8p7-8g8t-aaak	https://security.archlinux.org/AVG-2153	34.0.0rc1
2024-01-03T22:27:05.665811+00:00	Arch Linux Importer	Fixing	VCID-gcmg-8syc-aaaj	https://security.archlinux.org/AVG-1386	34.0.0rc1