Search for packages
Package details: pkg:conan/mbedtls@2.23.0
purl pkg:conan/mbedtls@2.23.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gcmg-8syc-aaaj
Aliases:
CVE-2020-16150
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.
2.24.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-10-07T23:30:28.582921+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml 34.0.2
2024-09-22T23:44:23.172666+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml 34.0.1
2024-04-24T01:46:17.021729+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml 34.0.0rc4
2024-04-24T01:46:16.936715+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj None 34.0.0rc4
2024-01-10T04:17:26.566435+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml 34.0.0rc2
2024-01-10T04:17:26.480384+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj None 34.0.0rc2
2024-01-03T21:01:35.742673+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml 34.0.0rc1
2024-01-03T21:01:35.651347+00:00 GitLab Importer Affected by VCID-gcmg-8syc-aaaj None 34.0.0rc1