VDB
DEBIAN-CVE-2022-46392
DEBIAN-CVE-2022-46392
PUBLISHED
CVSS 5.300000190734863 MEDIUM
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | mbedtls | 0, 0, 0 |
| Debian:12 | mbedtls | 0, 0, 0 |
| Debian:14 | mbedtls | 0, 0, 0 |
| Debian:11 | mbedtls | 0, 2.16.9-0.1, 2.16.9-0.1 |
Timeline
- Dec 15, 2022 CVE Published
- Apr 28, 2026 CVE Updated