QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-16150

Back to search

CVE-2020-16150

Published: Sep 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length.

VendorProductVersions

n/a

n/a

affected
n/a

References

FEDORA-2020-48a1ae610c
vendor-advisory
FEDORA-2020-8b0d59bac6
vendor-advisory
FEDORA-2020-e75ade5e38
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now