CVE-2021-24117
MEDIUMApache Teaclave SGX SDK 1.1.3 - Side-Channel Information Disclosure via Base64 PEM Decoding
Title source: llmDescription
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
References (3)
Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://docs.rs/crate/sgx_tstd/1.1.1
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
Patch, Third Party Advisory x_refsource_misc
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
Scores
CVSS v3
4.9
EPSS
0.0048
EPSS Percentile
65.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (1)
apache/teaclave_sgx_sdk
1.1.3
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026