CVE-2022-46392

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-46392
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46392.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-46392
Downstream
Published
2022-12-15T00:00:00Z
Modified
2026-06-18T03:54:42.152104237Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLSMPIWINDOW_SIZE) used for the exponentiation is 3 or smaller.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46392.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
Fixed
8c89224991adff88d53cd380f42a2baa36f91454
Fixed
89f040a5c938985c5f30728baed21e49d0846a53
Database specific 
{
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.3.0"
        }
    ],
    "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46392.json"