CVE-2020-20949
MEDIUM
STM32Cube Cryptographic Library - Remote Information Disclosure via Bleichenbacher's PKCS #1 v1.5 Oracle Attack
Title source: llm
Description
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
References (5)
Core References
Technical Description, Third Party Advisory x_refsource_misc
http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf
Broken Link x_refsource_misc
http://x-cube-cryptolib.com
Third Party Advisory x_refsource_misc
https://www.st.com/en/embedded-software/x-cube-cryptolib.html
Technical Description, Third Party Advisory x_refsource_misc
https://bi-zone.medium.com/silence-will-fall-or-how-it-can-take-2-years-to-get-your-vuln-registered-e6134846f5bb
Product x_refsource_misc
http://st.com
Scores
CVSS v3
5.9
EPSS
0.0092
EPSS Percentile
55.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (22)
ietf/public_key_cryptography_standards_\#1
1.5
st/stm32cubef0
st/stm32cubef1
st/stm32cubef2
st/stm32cubef3
st/stm32cubef4
st/stm32cubef7
st/stm32cubeg0
st/stm32cubeg4
st/stm32cubeh7
... and 12 more
Published
Jan 20, 2021
Tracked Since
Feb 18, 2026