← Back

CVE-2020-20950

nvd nist
Published: Jan 19, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Affected (2)

Ietf
1 product
Public Key Cryptography Standards #1
Microchip
1 product
Microchip Libraries For Applications
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Public Key Cryptography Standards #1
Version 1.5
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Microchip Libraries For Applications
Up to 2018-11-26
Running on/withPlatform Versions
Apple
Macos
All versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

References (8)

Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: cve@mitre.org
Product
Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.