Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mbed TLS 安全漏洞
Vulnerability Description
Mbed TLS是一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 2.28.2之前版本、Mbed TLS 3.3.0 之前版本存在安全漏洞,该漏洞源于如果窗口大小 (MBEDTLS_MPI_WINDOW_SIZE) 用于 幂为 3 或更小,则 DTLS 中可能存在基于堆的缓冲区溢出和基于堆的缓冲区过度读取。
CVSS Information
N/A
Vulnerability Type
N/A