VDB
GCVE-110-MAGEIA-2020-130
GCVE-110-MAGEIA-2020-130
Advisory Published
Updated mbedtls packages fix security vulnerabilities:
If Mbed TLS is running in an SGX enclave and the adversary has control
of the main operating system, they can launch a side channel attack to
recover the RSA private key when it is being imported. Found by Alejandro
Cabrera Aldaya and Billy Brumley and reported by Jack Lloyd.
Fix potential memory overread when performing an ECDSA signature operation.
The overread only happens with cryptographically low probability (of the
order of 2^-n where n is the bitsize of the curve) unless the RNG is broken,
and could result in information disclosure or denial of service (application
crash or extra resource consumption). Found by Auke Zeilstra and Peter
Schwabe, using static analysis.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mbedtls | 0 (affected), 2.16.5-1.mga7 (unaffected), 2.16.5-1.mga7 (unaffected), 0 (affected) | — |
| Mageia | flash-player-plugin | 0 (affected), 32.0.0.371-1.mga7.nonfree (unaffected) | — |
References
Updated flash-player-plugin packages
advisory
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.