DEBIAN-CVE-2021-24119

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-24119
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-24119.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-24119
Upstream
Published
2021-07-14T13:15:08Z
Modified
2025-09-19T07:31:27.892995Z
Summary
[none]
Details

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

References

Affected packages

Debian:11 / mbedtls

Package

Name
mbedtls
Purl
pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.16.9-0.1+deb11u1

Affected versions

2.*

2.16.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / mbedtls

Package

Name
mbedtls
Purl
pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.16.11-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / mbedtls

Package

Name
mbedtls
Purl
pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.16.11-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / mbedtls

Package

Name
mbedtls
Purl
pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.16.11-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}