Merge pull request #1139 from yanesca/update-Marvin-changelog

Update Marvin fix Changelog entry
Gilles Peskine 2024-01-16 11:19:20 +01:00 committed by GitHub
commit afd8154b1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,6 +1,8 @@
Security
* Fix a timing side channel in RSA private operations. This side channel
could be sufficient for a local attacker to recover the plaintext. It
requires the attacker to send a large number of messages for decryption.
For details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario.
Reported by Hubert Kario, Red Hat.
* Fix a timing side channel in private key RSA operations. This side channel
could be sufficient for an attacker to recover the plaintext. A local
attacker or a remote attacker who is close to the victim on the network
might have precise enough timing measurements to exploit this. It requires
the attacker to send a large number of messages for decryption. For
details, see "Everlasting ROBOT: the Marvin Attack", Hubert Kario. Reported
by Hubert Kario, Red Hat.
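
Review bot: the reworded bullet ("Fix a timing side channel in private key RSA operations") widens the scope to private key operations in general, yet the only impact it describes is plaintext recovery through messages sent "for decryption". A reader cannot tell from the entry whether signing is also covered, or whether only decryption callers need to act. Consider naming the affected operations explicitly. The phrase "close to the victim on the network" is also loose for a security entry: if the intent is "able to take low-jitter timing measurements, for example on the same network segment", saying so would help users judge their exposure. Last, "It requires the attacker to send a large number of messages" now follows a sentence about timing precision, so "It" has no clear referent; "Exploiting this requires ..." would read better.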