Vulnerability information for CVE-2021-24119
- CVEID: CVE-2021-24119
- PRODUCT: Mbed TLS
- VERSION: Fixed in 2.26.0
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: Mbed TLS before version 2.26.0 uses a non-constant-time
implementation of base64 decoding. Because a lookup table is used
when decoding keys stored as PEM files, an attacker can obtain
key information by tracking which cache lines are accessed
during key decoding. The attack was demonstrated in
Intel SGX.
Mbed TLS fixed the issue in version 2.26.0.
Please refer to: https://github.com/ARMmbed/mbedtls/releases

Vulnerability information for CVE-2021-24116
- CVEID: CVE-2021-24116
- PRODUCT: WolfSSL
- VERSION: Fixed in 4.6.0
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: WolfSSL before version 4.6.0 uses a non-constant-time
implementation of base64 decoding. Because a lookup table is used
when decoding keys stored as PEM files, an attacker can obtain
key information by tracking which cache lines are accessed
during key decoding. The attack was demonstrated in
Intel SGX.
WolfSSL fixed the issue in version 4.6.0.
Please refer to: https://github.com/wolfSSL/wolfssl/releases

Vulnerability information for CVE-2021-24117
- CVEID: CVE-2021-24117
- PRODUCT: Rust SGX
- VERSION: Vulnerable in v1.1.3
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: Rust SGX up to and including v1.1.3 uses a non-constant-time
implementation of base64 decoding. Because a lookup table is used
when decoding keys stored as PEM files, an attacker can obtain
key information by tracking which cache lines are accessed
during key decoding. The attack was demonstrated in
Intel SGX.
The issue is about to be fixed in the rust-base64 module:
https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
marshallpierce/rust-base64#153
marshallpierce/rust-base64#157
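
The lookup-table pattern named in the three descriptions above, next to a table-free decoder that uses only arithmetic masks. This is an added example, not code from Mbed TLS, WolfSSL or rust-base64; all function names are hypothetical, and the 64-byte cache line and table alignment are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static int8_t dec_table[256];   /* spans 4 cache lines, assuming 64-byte lines */

static void build_table(void) {
    for (size_t i = 0; i < 256; i++) dec_table[i] = -1;
    for (size_t i = 0; i < 64; i++) dec_table[(unsigned char)B64[i]] = (int8_t)i;
}

/* Leaky pattern: the address loaded depends on the secret character c. */
static int dec_lookup(unsigned char c) { return dec_table[c]; }
/* Which line of the table dec_lookup touches (assumes a 64-byte-aligned table). */
static unsigned table_line(unsigned char c) { return c / 64u; }

/* 0xFF if lo <= c <= hi, else 0x00; no branch and no secret-indexed load. */
static unsigned in_range(unsigned lo, unsigned hi, unsigned c) {
    unsigned below = (c - lo) >> 8;   /* nonzero only when c < lo */
    unsigned above = (hi - c) >> 8;   /* nonzero only when c > hi */
    return ~(below | above) & 0xFFu;
}

/* Same result as dec_lookup, computed from masks only.
   v holds value+1 so that 0 means "not a base64 digit". */
static int dec_ct(unsigned char c) {
    unsigned v = 0;
    v |= in_range('A', 'Z', c) & (c - 'A' + 1u);
    v |= in_range('a', 'z', c) & (c - 'a' + 27u);
    v |= in_range('0', '9', c) & (c - '0' + 53u);
    v |= in_range('+', '+', c) & 63u;
    v |= in_range('/', '/', c) & 64u;
    return (int)v - 1;
}

/* Number of byte values on which the two decoders disagree. */
static int count_mismatches(void) {
    int bad = 0;
    build_table();
    for (int c = 0; c < 256; c++)
        bad += dec_lookup((unsigned char)c) != dec_ct((unsigned char)c);
    return bad;
}

int main(void) {
    printf("mismatches: %d, line('0')=%u, line('A')=%u\n",
           count_mismatches(), table_line('0'), table_line('A'));
    return 0;
}
```

A compiler may turn mask arithmetic back into branches, so the generated assembly of the real decoder should be inspected for the target and optimization level in use.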