Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.

  • Published: Jul 19, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-36424
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.7
  • AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 1.9
  • AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
arm / mbed_tls - 2.7.17
arm / mbed_tls 2.8.0 2.16.8
arm / mbed_tls 2.17.0 2.24.0
debian / debian_linux 10.0 10.0.x