An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
CVE-2022-46392 - Medium Severity Vulnerability
Godot Engine ? Multi-platform 2D and 3D game engine
Library home page: https://github.com/godotengine/godot.git
Found in HEAD commit: e6580209fab1312cb824a455d2df99df8a9fb156
Found in base branch: main
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Publish Date: 2022-12-15
URL: CVE-2022-46392
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2022-46392
Release Date: 2022-12-15
Fix Resolution: v2.8.2,mbedtls-2.28.2,v3.3.0,mbedtls-3.3.0
Step up your Open Source Security Game with Mend here