← Back to CVEs

CVE-2020-20950

MEDIUM

5.9

Description

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVE Details

CVSS v3.1 Score5.9

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredNONE

User InteractionNONE

Published1/19/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

apple:macosietf:public_key_cryptography_standards_\#1linux:linux_kernelmicrochip:microchip_libraries_for_applicationsmicrosoft:windows

Weaknesses (CWE)

CWE-327

References

http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf(cve@mitre.org)

http://microchip.com(cve@mitre.org)

https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb(cve@mitre.org)

https://www.microchip.com/mplab/microchip-libraries-for-applications(cve@mitre.org)

http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf(af854a3a-2127-422b-91ae-364da2661108)

http://microchip.com(af854a3a-2127-422b-91ae-364da2661108)

https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb(af854a3a-2127-422b-91ae-364da2661108)

https://www.microchip.com/mplab/microchip-libraries-for-applications(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.