CVE-2021-24117: util-lookup/cve-vulnerability-publication.md at main · UzL-ITS/util-lookup

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Vulnerability information for CVE-2021-24119

  • CVEID: CVE-2021-24119
  • PRODUCT: Mbed TLS
  • VERSION: Fixed in 2.26.0
  • PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
  • DESCRIPTION: Mbed TLS before version 2.26.0 uses a non-constant-time implementation for base64 decoding. The use of a lookup table when decoding keys stored as PEM files allows an attacker to obtain key information by tracking the accessed cache lines during key decoding. The attack was demonstrated in Intel SGX.
    Mbed TLS fixed the issue in version 2.26.0.
    Please refer to: https://github.com/ARMmbed/mbedtls/releases

Vulnerability information for CVE-2021-24116

  • CVEID: CVE-2021-24116
  • PRODUCT: WolfSSL
  • VERSION: Fixed in 4.6.0
  • PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
  • DESCRIPTION: WolfSSL before version 4.6.0 uses a non-constant-time implementation for base64 decoding. The use of a lookup table when decoding keys stored as PEM files allows an attacker to obtain key information by tracking the accessed cache lines during key decoding. The attack was demonstrated in Intel SGX.
    WolfSSL fixed the issue in version 4.6.0.
    Please refer to: https://github.com/wolfSSL/wolfssl/releases

Vulnerability information for CVE-2021-24117

  • CVEID: CVE-2021-24117
  • PRODUCT: Rust SGX
  • VERSION: Vulnerable in v1.1.3
  • PROBLEM TYPE: Side-Channel Vulnerability in base64 decoding
  • DESCRIPTION: Rust SGX up to and including version v1.1.3 uses a non-constant-time implementation for base64 decoding. The use of a lookup table when decoding keys stored as PEM files allows an attacker to obtain key information by tracking the accessed cache lines during key decoding. The attack was demonstrated in Intel SGX.
    The issue is about to be fixed in the rust-base64 module:
    https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
    marshallpierce/rust-base64#153
    marshallpierce/rust-base64#157
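
The lookup-table pattern named in the three entries above, next to a branch-free arithmetic decoder that touches no secret-indexed memory. This is an added example, not code from Mbed TLS, WolfSSL, rust-base64 or the UzL-ITS repository; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "Before": table lookup. The address read depends on the secret character. */
static int8_t b64_table[256];

void b64_table_init(void) {
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(b64_table, -1, sizeof b64_table);      /* -1 marks invalid bytes */
    for (int i = 0; i < 64; i++)
        b64_table[(uint8_t)alphabet[i]] = (int8_t)i;
}

int b64_decode_char_table(uint8_t c) {
    return b64_table[c];                          /* secret-dependent access */
}

/* All-ones if lo <= c <= hi (c in 0..255), else 0. No branch, no memory read. */
static uint32_t in_range_mask(uint32_t c, uint32_t lo, uint32_t hi) {
    uint32_t below = (c - lo) >> 31;              /* 1 if c < lo */
    uint32_t above = (hi - c) >> 31;              /* 1 if c > hi */
    return (below | above) - 1;
}

/* "After": every input runs the same instructions on registers only. */
int b64_decode_char_ct(uint8_t c) {
    uint32_t x = c, v = 0, valid = 0, m;
    m = in_range_mask(x, 'A', 'Z'); v |= m & (x - 'A');      valid |= m;
    m = in_range_mask(x, 'a', 'z'); v |= m & (x - 'a' + 26); valid |= m;
    m = in_range_mask(x, '0', '9'); v |= m & (x - '0' + 52); valid |= m;
    m = in_range_mask(x, '+', '+'); v |= m & 62;             valid |= m;
    m = in_range_mask(x, '/', '/'); v |= m & 63;             valid |= m;
    return (int)v - (int)(~valid & 1);            /* -1 for non-alphabet bytes */
}

int main(void) {
    b64_table_init();
    int mismatches = 0;
    for (int c = 0; c < 256; c++)
        mismatches += b64_decode_char_table((uint8_t)c) != b64_decode_char_ct((uint8_t)c);
    printf("mismatches over all 256 byte values: %d\n", mismatches);
    return mismatches != 0;
}
```

An optimizing compiler can reintroduce branches into code like this, so the generated assembly for the target build should be checked.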

Related news

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVE-2022-35409: Releases · Mbed-TLS/mbedtls

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.

CVE-2021-24119: Releases · Mbed-TLS/mbedtls

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
