VulnerableCode Package Details - pkg:conan/mbedtls@2.8.0

Search for packages

Package details: pkg:conan/mbedtls@2.8.0

Essentials
History (2)

purl	pkg:conan/mbedtls@2.8.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-gcmg-8syc-aaaj Aliases: CVE-2020-16150	A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.	2.24.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:48:08.511487+00:00	GitLab Importer	Affected by	VCID-gcmg-8syc-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml	34.0.1
2024-01-03T18:09:12.796529+00:00	GitLab Importer	Affected by	VCID-gcmg-8syc-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/mbedtls/CVE-2020-16150.yml	34.0.0rc1