An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2.x"
},
{
"fixed": "2.28.7"
},
{
"introduced": "3.x"
},
{
"fixed": "3.5.2"
}
],
"source": "DESCRIPTION"
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23170.json",
"cna_assigner": "mitre"
}