Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. When finite-field Diffie-Hellman is used, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried out by the peer or, depending on the protocol, by an active network attacker (person in the middle).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mbed TLS Security Vulnerability
Vulnerability Description
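Mbed TLS is an open-source, portable, easy-to-use, readable and flexible SSL library from the Mbed TLS project. Mbed TLS 3.5.x, 3.6.5 and earlier versions, and TF-PSA-Crypto 1.0 contain a security vulnerability. It stems from improper input validation in finite-field Diffie-Hellman, which leads to a lack of contributory behavior and may allow the shared secret to be forced into a small set of values.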
CVSS Information
N/A
Vulnerability Type
N/A