Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mbed TLS 安全漏洞
Vulnerability Description
Mbed TLS是一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 2.x版本至2.28.7之前版本、3.x版本至3.5.2之前版本存在安全漏洞,该漏洞源于让敏感数据以明文形式暴露给攻击者。
CVSS Information
N/A
Vulnerability Type
N/A