JLSEC-2025-219
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-219.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-219.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/JLSEC-2025-219
- Upstream
- Published
- 2025-11-21T15:59:04.054Z
- Modified
- 2025-11-21T16:20:56.314674Z
- Summary
- An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0
- Details
-
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLSMPIWINDOW_SIZE) used for the exponentiation is 3 or smaller.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "imported": "2025-11-20T23:04:02.019Z", "id": "CVE-2022-46392", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-46392", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46392", "published": "2022-12-15T23:15:10.513Z", "modified": "2025-11-03T20:15:57.980Z" } ] }- References
-
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
- https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/
- https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html