Add changelog entry for mbedtls_mpi_write_binary fix
This commit is contained in:
parent
056f19c79f
commit
50da016e5c
1 changed files with 7 additions and 0 deletions
|
@ -9,6 +9,13 @@ Security
|
|||
RSA decryption (i.e. ciphersuites whose name contains RSA but not
|
||||
(EC)DH(E)). Reported by Eyal Ronen, Robert Gillham, Daniel Genkin, Adi
|
||||
Shamir, David Wong and Yuval Yarom. CVE-2018-19608
|
||||
* In mbedtls_mpi_write_binary(), don't leak the exact size of the number
|
||||
via branching and memory access patterns. An attacker who could submit
|
||||
a plaintext for RSA PKCS#1 v1.5 decryption but only observe the timing
|
||||
of the decryption and not its result could nonetheless decrypt RSA
|
||||
plaintexts and forge RSA signatures. Other asymmetric algorithms may
|
||||
have been similarly vulnerable. Reported by Eyal Ronen, Robert Gillham,
|
||||
Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom.
|
||||
|
||||
= mbed TLS 2.13.1 branch released 2018-09-06
|
||||
|
||||
|
|
Loading…
Reference in a new issue