Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Vulnerability information for CVE-2021-24119

  • CVEID: CVE-2021-24119
  • PRODUCT: Mbed TLS
  • VERSION: Fixed in 2.26.0
  • PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
  • DESCRIPTION: Mbed TLS before the version 2.26.0 uses a non-constant time implementation for base64 decoding. Essentially, the usage of a lookup table in decoding keys stored as PEM files, allows an attacker to obtain key information by tracking the accessed cache lines during key decoding. The attack was demonstrated in Intel SGX.
    Mbed TLS fixed the issue in version 2.26.0.
    Please refer to: https://github.com/ARMmbed/mbedtls/releases

Vulnerability information for CVE-2021-24116

  • CVEID: CVE-2021-24116
  • PRODUCT: WolfSSL
  • VERSION: Fixed in 4.6.0
  • PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
  • DESCRIPTION: WolfSSL before the version 4.6.0 uses a non-constant time implementation for base64 decoding. Essentially, the usage of a lookup table in decoding keys stored as PEM files, allows an attacker to obtain key information by tracking the accessed cache lines during key decoding. The attack was demonstrated in Intel SGX.
    WolfSSL fixed the issue in version 4.6.0.
    Please refer to: https://github.com/wolfSSL/wolfssl/releases

Vulnerability information for CVE-2021-24117