CVE-2021-24119
MEDIUM
Mbed TLS < 2.26.0 - Side-Channel Information Disclosure via Base64 PEM Decoding
Title source: llm
Description
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
References (7)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html
Release Notes, Third Party Advisory
https://github.com/ARMmbed/mbedtls/releases
Release Notes, Third Party Advisory
https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
Scores
CVSS v3: 4.9
EPSS: 0.0079
EPSS Percentile: 74.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-203
Status: published
Products (5)
arm/mbed_tls: < 2.26.0
debian/debian_linux: 9.0
debian/debian_linux: 10.0
fedoraproject/fedora: 33
fedoraproject/fedora: 34
Published: Jul 14, 2021
Tracked Since: Feb 18, 2026