CVE-2021-24117: util-lookup/cve-vulnerability-publication.md at main · UzL-ITS/util-lookup
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Vulnerability information for CVE-2021-24119
- CVEID: CVE-2021-24119
- PRODUCT: Mbed TLS
- VERSION: Fixed in 2.26.0
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: Mbed TLS before version 2.26.0 uses a non-constant-time implementation of base64 decoding. The decoder maps each input character through a lookup table, so when a key stored as a PEM file is decoded, an attacker who can observe which cache lines are accessed during decoding can recover information about the key. The attack was demonstrated in Intel SGX.
Mbed TLS fixed the issue in version 2.26.0.
Please refer to: https://github.com/ARMmbed/mbedtls/releases
Vulnerability information for CVE-2021-24116
- CVEID: CVE-2021-24116
- PRODUCT: WolfSSL
- VERSION: Fixed in 4.6.0
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: WolfSSL before version 4.6.0 uses a non-constant-time implementation of base64 decoding. The decoder maps each input character through a lookup table, so when a key stored as a PEM file is decoded, an attacker who can observe which cache lines are accessed during decoding can recover information about the key. The attack was demonstrated in Intel SGX.
WolfSSL fixed the issue in version 4.6.0.
Please refer to: https://github.com/wolfSSL/wolfssl/releases
Vulnerability information for CVE-2021-24117
- CVEID: CVE-2021-24117
- PRODUCT: Rust SGX
- VERSION: Vulnerable in v1.1.3
- PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
- DESCRIPTION: Rust SGX up to and including version v1.1.3 uses a non-constant-time implementation of base64 decoding. The decoder maps each input character through a lookup table, so when a key stored as a PEM file is decoded, an attacker who can observe which cache lines are accessed during decoding can recover information about the key. The attack was demonstrated in Intel SGX.
A fix is pending in the rust-base64 module:
https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
marshallpierce/rust-base64#153
marshallpierce/rust-base64#157
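The three entries above describe the same weakness: a base64 decoder that indexes a lookup table with each character of the secret key, so the cache lines it touches depend on the key bytes. The following C example is added here and is not code from Mbed TLS, wolfSSL or rust-base64; it shows a decoder that maps each alphabet byte with branch-free range arithmetic instead of a table, so neither the memory addresses nor the branches taken depend on the input (the function names ct_in_range, ct_b64_value and ct_b64_decode are my own; the output buffer must hold 3 * strlen(in) / 4 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 1 if lo <= c <= hi, else 0, with no branch and no table: (c - lo) wraps
 * when c < lo and (hi - c) wraps when c > hi, setting bit 31 either way. */
static uint32_t ct_in_range(uint32_t c, uint32_t lo, uint32_t hi) {
    return 1u ^ (((c - lo) | (hi - c)) >> 31);
}

/* Sextet value of one alphabet byte, or 0xFF if it is not in the alphabet.
 * Each range contributes mask * value; at most one mask is 1, so the
 * instruction and memory access pattern is the same for every input byte. */
uint32_t ct_b64_value(uint8_t c) {
    uint32_t v = 0, ok = 0, m;
    m = ct_in_range(c, 'A', 'Z'); ok |= m; v |= m * (c - 'A');
    m = ct_in_range(c, 'a', 'z'); ok |= m; v |= m * (c - 'a' + 26);
    m = ct_in_range(c, '0', '9'); ok |= m; v |= m * (c - '0' + 52);
    m = ct_in_range(c, '+', '+'); ok |= m; v |= m * 62;
    m = ct_in_range(c, '/', '/'); ok |= m; v |= m * 63;
    return v | ((ok ^ 1u) * 0xFFu);
}

/* Decodes a NUL-terminated, '='-padded base64 string whose length is a
 * multiple of 4; length and padding count are treated as public (they
 * follow from the key size, not from key bytes). Returns the bytes written,
 * or -1 if any byte was outside the alphabet, reported only after the whole
 * input is processed so timing does not reveal where it was. */
int ct_b64_decode(const char *in, uint8_t *out) {
    size_t len = strlen(in), o = 0, pad = 0;
    uint32_t bad = 0;
    if (len % 4 != 0) return -1;
    if (len >= 1 && in[len - 1] == '=') pad++;
    if (len >= 2 && in[len - 2] == '=') pad++;
    for (size_t i = 0; i < len; i += 4) {
        uint32_t acc = 0;
        for (size_t k = 0; k < 4; k++) {
            uint32_t v = ct_b64_value((uint8_t)in[i + k]);
            uint32_t keep = (uint32_t)(i + k < len - pad); /* public position */
            v *= keep;           /* padding slots decode as zero sextets */
            bad |= v >> 6;       /* only the 0xFF error value has bits above 5 */
            acc = (acc << 6) | (v & 63u);
        }
        out[o++] = (uint8_t)(acc >> 16);
        out[o++] = (uint8_t)(acc >> 8);
        out[o++] = (uint8_t)acc;
    }
    return bad ? -1 : (int)(o - pad);
}
```

The same approach applies to the PEM header and footer lines, which are public and can be stripped before the body is handed to the decoder.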