CVE-2020-36421

Published: 7/19/2021 Last updated: 12/3/2025 Reserved: 7/19/2021

An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.3	Medium	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Opam packages affected (1)

conf-mbedtls

Products affected (2)

Product	Vendor	Version
n/a	n/a	n/a
n/a	n/a	8.4.3.1

References (20)

https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/issues/3394
https://bugs.gentoo.org/730752
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/issues/3394
https://bugs.gentoo.org/730752
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/issues/3394
https://bugs.gentoo.org/730752
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.7
https://github.com/ARMmbed/mbedtls/releases/tag/v2.23.0
https://github.com/ARMmbed/mbedtls/issues/3394
https://bugs.gentoo.org/730752
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html