ARM mbed TLS prior to 2.12.0, prior to 2.7.5, and prior to 2.1.14 allows remote malicious users to achieve partial plaintext recovery (for a CBC-based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
Vulnerable Product |
---|
arm mbed tls |
debian debian linux 8.0 |
debian debian linux 9.0 |