CVE-2020-20949
CVSS 3.1 base score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD
Description
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
Affected (22)
Products: St: Stm32cubef0, Stm32cubef1, Stm32cubef2, Stm32cubef3, Stm32cubef4, Stm32cubef7, Stm32cubeg0, Stm32cubeg4, Stm32cubeh7, Stm32cubeide, Stm32cubel0, Stm32cubel1, Stm32cubel4+, Stm32cubel5, Stm32cubemonitor, Stm32cubemp1, Stm32cubemx, Stm32cubeprogrammer, Stm32cubewb, Stm32cubewl · Ietf: Public Key Cryptography Standards #1
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.5 | |
References (10)
Source: cve@mitre.org
Technical Description, Third Party Advisory
Source: cve@mitre.org
Technical Description, Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory