Skip to main content

Covert Timing Channel

CVE-2020-25657

Severity Medium
Score 5.9/10

Summary

A flaw was found in versions prior to 0.39.0 of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-385 - Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Advisory Timeline

  • Published