Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-23170 (GCVE-0-2024-23170)
Vulnerability from cvelistv5
Published
2024-01-31 00:00
Modified
2025-06-20 19:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
},
{
"name": "FEDORA-2024-bfd98be425",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"name": "FEDORA-2024-c7f1c839ac",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-31T15:14:22.942089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:59:31.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-22T03:06:24.794Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
},
{
"name": "FEDORA-2024-bfd98be425",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"name": "FEDORA-2024-c7f1c839ac",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-23170",
"datePublished": "2024-01-31T00:00:00.000Z",
"dateReserved": "2024-01-12T00:00:00.000Z",
"dateUpdated": "2025-06-20T19:59:31.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-23170\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-01-31T08:15:42.220\",\"lastModified\":\"2025-06-20T20:15:30.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \\\"Everlasting ROBOT: the Marvin Attack\\\" by Hubert Kario.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Hab\u00eda un canal lateral de sincronizaci\u00f3n en las operaciones privadas de RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \\\"Everlasting ROBOT: the Marvin Attack\\\" de Hubert Kario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.28.7\",\"matchCriteriaId\":\"E5465284-4EA3-4126-9130-374140F24FB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.5.2\",\"matchCriteriaId\":\"7B335AD2-884E-4C89-8366-6BF91036BB1B\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\", \"name\": \"FEDORA-2024-bfd98be425\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\", \"name\": \"FEDORA-2024-c7f1c839ac\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:59:32.032Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23170\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-31T15:14:22.942089Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-385\", \"description\": \"CWE-385 Covert Timing Channel\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-20T19:58:10.462Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/\", \"name\": \"FEDORA-2024-bfd98be425\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/\", \"name\": \"FEDORA-2024-c7f1c839ac\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \\\"Everlasting ROBOT: the Marvin Attack\\\" by Hubert Kario.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-02-22T03:06:24.794Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-23170\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-20T19:59:31.077Z\", \"dateReserved\": \"2024-01-12T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-01-31T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2024:0037-1
Vulnerability from csaf_opensuse
Published
2024-01-31 19:32
Modified
2024-01-31 19:32
Summary
Security update for mbedtls
Notes
Title of the patch
Security update for mbedtls
Description of the patch
This update for mbedtls fixes the following issues:
- Update to version 2.28.7:
- Resolves CVE-2024-23170 boo#1219336
- Update to 2.28.6:
Changes:
* Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
license. Users may choose which license they take the code under.
- Update to 2.28.5:
Features:
* The documentation of mbedtls_ecp_group now describes the optimized
representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045.
Security:
* Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
review the size of the output buffer passed to this function, and note that
the output after decryption may include CBC padding. Consider moving to the
new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which
checks for overflow of the output buffer and reports the actual length of
the output.
* Improve padding calculations in CBC decryption, NIST key unwrapping and
RSA OAEP decryption. With the previous implementation, some compilers
(notably recent versions of Clang and IAR) could produce non-constant time
code, which could allow a padding oracle attack if the attacker has access
to precise timing measurements.
* Fix a buffer overread when parsing short TLS application data records in
ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
Bugfix:
* Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
using ECC key. The certificate was rejected by some crypto frameworks.
Fixes gh#Mbed-TLS/mbedtls#2924.
* Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
signature can silently return an incorrect result in low memory conditions.
* Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873,
gh#Mbed-TLS/mbedtls#4300.
* Fix an issue when parsing an otherName subject alternative name into a
mbedtls_x509_san_other_name struct. The type-id of the otherName was not
copied to the struct. This meant that the struct had incomplete information
about the otherName SAN and contained uninitialized memory.
* Fix the detection of HardwareModuleName otherName SANs. These were being
detected by comparing the wrong field and the check was erroneously
inverted.
* Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes
gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a
negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to
indicate failure in some cases involving a missing entry or a full cache.
Changes:
* In configurations with ARIA or Camellia but not AES, the value of
MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest.
This did not affect any library code, because this macro was only used in
relation with CMAC which does not support these ciphers. Its value is now
16 if ARIA or Camellia are present. This may affect application code that
uses this macro.
- Update to 2.28.4:
Features:
* Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
setting the CMake variable of the same name at configuration time.
Bugfix:
* Fix crypt_and_hash decryption fail when used with a stream cipher
mode of operation, due to the input not being a multiple of the block
size. Resolves #7417.
* Fix a bug where mbedtls_x509_string_to_names() would return success
when given a invalid name string, if it did not contain '=' or ','.
* Fix missing PSA initialization in sample programs when
MBEDTLS_USE_PSA_CRYPTO is enabled.
* Fix clang and armclang compilation error when targeting certain Arm
M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
SecurCore SC000). Fixes #1077.
* Fixed an issue that caused compile errors when using CMake and the IAR
toolchain.
* Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
* Fix builds on Windows with clang.
* Fix compilation warnings in aes.c for certain combinations
of configuration options.
* Fix a compilation error on some platforms when including mbedtls/ssl.h
with all TLS support disabled. Fixes #6628.
Changes:
* Update test data to avoid failures of unit tests after 2023-08-07, and
update expiring certififcates in the certs
- Update to 2.28.3:
Features:
* Use HOSTCC (if it is set) when compiling C code during generation of the
configuration-independent files. This allows them to be generated when CC
is set for cross compilation.
* AES-NI is now supported with Visual Studio.
* AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM is
disabled, when compiling with GCC or Clang or a compatible compiler for a
target CPU that supports the requisite instructions (for example gcc -m32
-msse2 -maes -mpclmul). (Generic x86 builds with GCC-like compilers still
require MBEDTLS_HAVE_ASM and a 64-bit target.)
Security:
* MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
builds that couldn't compile the GCC-style assembly implementation (most
notably builds with Visual Studio), leaving them vulnerable to timing
side-channel attacks. There is now an intrinsics-based AES-NI
implementation as a fallback for when the assembly one cannot be used.
Bugfix:
* Fix a build issue on Windows where the source and build directory could
not be on different drives (#5751).
* Fix possible integer overflow in mbedtls_timing_hardclock(), which
could cause a crash for certain platforms & compiler options.
* Fix IAR compiler warnings. Fixes #6924.
* Fix a bug in the build where directory names containing spaces were
causing generate_errors.pl to error out resulting in a build failure.
Fixes issue #6879.
* Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are
defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.
* Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST.
The library would not link if the user didn't provide an external self-test
function. The self-test is now provided regardless of the choice of
internal/alternative timing implementation. Fixes #6923.
* mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
whose binary representation is longer than 20 bytes. This was already
forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
enforced also at code level.
* Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
Aaron Ucko under Valgrind.
* Fix behavior of certain sample programs which could, when run with no
arguments, access uninitialized memory in some cases. Fixes #6700 (which
was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
* Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
Fixes #6243.
* Fix parsing of X.509 SubjectAlternativeName extension. Previously,
malformed alternative name components were not caught during initial
certificate parsing, but only on subsequent calls to
mbedtls_x509_parse_subject_alt_name(). Fixes #2838.
* Fix bug in conversion from OID to string in
mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
correctly.
* Reject OIDs with overlong-encoded subidentifiers when converting them to a
string.
* Reject OIDs with subidentifier values exceeding UINT_MAX. Such
subidentifiers can be valid, but Mbed TLS cannot currently handle them.
* Reject OIDs that have unterminated subidentifiers, or (equivalently) have
the most-significant bit set in their last byte.
* Silence a warning about an unused local variable in bignum.c on some
architectures. Fixes #7166.
* Silence warnings from clang -Wdocumentation about empty \retval
descriptions, which started appearing with Clang 15. Fixes #6960.
* Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if
len argument is 0 and buffer is NULL.
Changes:
* The C code follows a new coding style. This is transparent for users but
affects contributors and maintainers of local patches. For more
information, see
https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/
* Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. As tested in
issue 6790, the correlation between this define and RSA decryption
performance has changed lately due to security fixes. To fix the
performance degradation when using default values the window was reduced
from 6 to 2, a value that gives the best or close to best results when
tested on Cortex-M4 and Intel i7.
- Setup the mbedtls-2 package
- Build AVX2 enabled hwcaps library for x86_64-v3
Patchnames
openSUSE-2024-37
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mbedtls",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mbedtls fixes the following issues:\n\n- Update to version 2.28.7:\n\n - Resolves CVE-2024-23170 boo#1219336 \n\n- Update to 2.28.6:\n\n Changes:\n\n * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later\n license. Users may choose which license they take the code under.\n\n- Update to 2.28.5:\n\n Features:\n\n * The documentation of mbedtls_ecp_group now describes the optimized\n representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045.\n\n Security:\n\n * Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should\n review the size of the output buffer passed to this function, and note that\n the output after decryption may include CBC padding. Consider moving to the\n new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which\n checks for overflow of the output buffer and reports the actual length of\n the output.\n * Improve padding calculations in CBC decryption, NIST key unwrapping and\n RSA OAEP decryption. With the previous implementation, some compilers\n (notably recent versions of Clang and IAR) could produce non-constant time\n code, which could allow a padding oracle attack if the attacker has access\n to precise timing measurements.\n * Fix a buffer overread when parsing short TLS application data records in\n ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.\n\n Bugfix:\n\n * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when\n using ECC key. The certificate was rejected by some crypto frameworks.\n Fixes gh#Mbed-TLS/mbedtls#2924.\n * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA\n signature can silently return an incorrect result in low memory conditions.\n * Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873,\n gh#Mbed-TLS/mbedtls#4300.\n * Fix an issue when parsing an otherName subject alternative name into a\n mbedtls_x509_san_other_name struct. The type-id of the otherName was not\n copied to the struct. This meant that the struct had incomplete information\n about the otherName SAN and contained uninitialized memory.\n * Fix the detection of HardwareModuleName otherName SANs. These were being\n detected by comparing the wrong field and the check was erroneously\n inverted.\n * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not\n MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes\n gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a\n negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to\n indicate failure in some cases involving a missing entry or a full cache.\n\n Changes:\n\n * In configurations with ARIA or Camellia but not AES, the value of\n MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest.\n This did not affect any library code, because this macro was only used in\n relation with CMAC which does not support these ciphers. Its value is now\n 16 if ARIA or Camellia are present. This may affect application code that\n uses this macro.\n\n- Update to 2.28.4:\n\n Features:\n\n * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by\n setting the CMake variable of the same name at configuration time.\n\n Bugfix:\n\n * Fix crypt_and_hash decryption fail when used with a stream cipher\n mode of operation, due to the input not being a multiple of the block\n size. Resolves #7417.\n * Fix a bug where mbedtls_x509_string_to_names() would return success\n when given a invalid name string, if it did not contain \u0027=\u0027 or \u0027,\u0027.\n * Fix missing PSA initialization in sample programs when\n MBEDTLS_USE_PSA_CRYPTO is enabled.\n * Fix clang and armclang compilation error when targeting certain Arm\n M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,\n SecurCore SC000). Fixes #1077.\n * Fixed an issue that caused compile errors when using CMake and the IAR\n toolchain.\n * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.\n * Fix builds on Windows with clang.\n * Fix compilation warnings in aes.c for certain combinations\n of configuration options.\n * Fix a compilation error on some platforms when including mbedtls/ssl.h\n with all TLS support disabled. Fixes #6628.\n\n Changes:\n\n * Update test data to avoid failures of unit tests after 2023-08-07, and\n update expiring certififcates in the certs \n\n- Update to 2.28.3:\n\n Features:\n\n * Use HOSTCC (if it is set) when compiling C code during generation of the\n configuration-independent files. This allows them to be generated when CC\n is set for cross compilation.\n * AES-NI is now supported with Visual Studio.\n * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM is\n disabled, when compiling with GCC or Clang or a compatible compiler for a\n target CPU that supports the requisite instructions (for example gcc -m32\n -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like compilers still\n require MBEDTLS_HAVE_ASM and a 64-bit target.)\n\n Security:\n\n * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on\n builds that couldn\u0027t compile the GCC-style assembly implementation (most\n notably builds with Visual Studio), leaving them vulnerable to timing\n side-channel attacks. There is now an intrinsics-based AES-NI\n implementation as a fallback for when the assembly one cannot be used.\n\n Bugfix:\n\n * Fix a build issue on Windows where the source and build directory could\n not be on different drives (#5751).\n * Fix possible integer overflow in mbedtls_timing_hardclock(), which\n could cause a crash for certain platforms \u0026 compiler options.\n * Fix IAR compiler warnings. Fixes #6924.\n * Fix a bug in the build where directory names containing spaces were\n causing generate_errors.pl to error out resulting in a build failure.\n Fixes issue #6879.\n * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are\n defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.\n * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST.\n The library would not link if the user didn\u0027t provide an external self-test\n function. The self-test is now provided regardless of the choice of\n internal/alternative timing implementation. Fixes #6923.\n * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers\n whose binary representation is longer than 20 bytes. This was already\n forbidden by the standard (RFC5280 - section 4.1.2.2) and now it\u0027s being\n enforced also at code level.\n * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by\n Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by\n Aaron Ucko under Valgrind.\n * Fix behavior of certain sample programs which could, when run with no\n arguments, access uninitialized memory in some cases. Fixes #6700 (which\n was found by TrustInSoft Analyzer during REDOCS\u002722) and #1120.\n * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.\n Fixes #6243.\n * Fix parsing of X.509 SubjectAlternativeName extension. Previously,\n malformed alternative name components were not caught during initial\n certificate parsing, but only on subsequent calls to\n mbedtls_x509_parse_subject_alt_name(). Fixes #2838.\n * Fix bug in conversion from OID to string in\n mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed\n correctly.\n * Reject OIDs with overlong-encoded subidentifiers when converting them to a\n string.\n * Reject OIDs with subidentifier values exceeding UINT_MAX. Such\n subidentifiers can be valid, but Mbed TLS cannot currently handle them.\n * Reject OIDs that have unterminated subidentifiers, or (equivalently) have\n the most-significant bit set in their last byte.\n * Silence a warning about an unused local variable in bignum.c on some\n architectures. Fixes #7166.\n * Silence warnings from clang -Wdocumentation about empty \\retval\n descriptions, which started appearing with Clang 15. Fixes #6960.\n * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if\n len argument is 0 and buffer is NULL.\n\n Changes:\n\n * The C code follows a new coding style. This is transparent for users but\n affects contributors and maintainers of local patches. For more\n information, see\n https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/\n * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. As tested in\n issue 6790, the correlation between this define and RSA decryption\n performance has changed lately due to security fixes. To fix the\n performance degradation when using default values the window was reduced\n from 6 to 2, a value that gives the best or close to best results when\n tested on Cortex-M4 and Intel i7.\n\n- Setup the mbedtls-2 package\n- Build AVX2 enabled hwcaps library for x86_64-v3\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-37",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0037-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0037-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFW4YTDRTJEE3RUQXN4MRJ2SIL4ISBZT/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0037-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFW4YTDRTJEE3RUQXN4MRJ2SIL4ISBZT/"
},
{
"category": "self",
"summary": "SUSE Bug 1219336",
"url": "https://bugzilla.suse.com/1219336"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23170 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23170/"
}
],
"title": "Security update for mbedtls",
"tracking": {
"current_release_date": "2024-01-31T19:32:31Z",
"generator": {
"date": "2024-01-31T19:32:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0037-1",
"initial_release_date": "2024-01-31T19:32:31Z",
"revision_history": [
{
"date": "2024-01-31T19:32:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"product": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"product_id": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"product": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"product_id": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"product": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"product_id": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"product": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"product_id": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product": {
"name": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product_id": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product": {
"name": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product_id": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product": {
"name": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"product_id": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"product": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"product_id": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-bp155.2.3.1.i586",
"product": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.i586",
"product_id": "libmbedtls14-2.28.7-bp155.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"product": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"product_id": "libmbedx509-1-2.28.7-bp155.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"product": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"product_id": "mbedtls-devel-2.28.7-bp155.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"product": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"product_id": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"product": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"product_id": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"product": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"product_id": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"product": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"product_id": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"product": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"product_id": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"product": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"product_id": "libmbedtls14-2.28.7-bp155.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"product": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"product_id": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"product": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"product_id": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"product_id": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"product": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"product_id": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP5",
"product": {
"name": "SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.i586 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
"product_id": "SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32"
},
"product_reference": "libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.i586 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.i586"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
},
"product_reference": "mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23170"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23170",
"url": "https://www.suse.com/security/cve/CVE-2024-23170"
},
{
"category": "external",
"summary": "SUSE Bug 1219336 for CVE-2024-23170",
"url": "https://bugzilla.suse.com/1219336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"SUSE Package Hub 15 SP5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"SUSE Package Hub 15 SP5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedcrypto7-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedcrypto7-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedtls14-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedtls14-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:libmbedx509-1-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-32bit-2.28.7-bp155.2.3.1.x86_64",
"openSUSE Leap 15.5:libmbedx509-1-64bit-2.28.7-bp155.2.3.1.aarch64_ilp32",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.aarch64",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.i586",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.ppc64le",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.s390x",
"openSUSE Leap 15.5:mbedtls-devel-2.28.7-bp155.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-01-31T19:32:31Z",
"details": "moderate"
}
],
"title": "CVE-2024-23170"
}
]
}
opensuse-su-2024:13639-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libeverest-3.5.2-1.1 on GA media
Notes
Title of the patch
libeverest-3.5.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the libeverest-3.5.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13639
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libeverest-3.5.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libeverest-3.5.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13639",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13639-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23170 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23170/"
}
],
"title": "libeverest-3.5.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13639-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libeverest-3.5.2-1.1.aarch64",
"product": {
"name": "libeverest-3.5.2-1.1.aarch64",
"product_id": "libeverest-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"product": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"product_id": "libeverest-x86-64-v3-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedcrypto15-3.5.2-1.1.aarch64",
"product_id": "libmbedcrypto15-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"product_id": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedtls20-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedtls20-3.5.2-1.1.aarch64",
"product_id": "libmbedtls20-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"product_id": "libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedx509-6-3.5.2-1.1.aarch64",
"product_id": "libmbedx509-6-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"product": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"product_id": "libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libp256m-3.5.2-1.1.aarch64",
"product": {
"name": "libp256m-3.5.2-1.1.aarch64",
"product_id": "libp256m-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"product": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"product_id": "libp256m-x86-64-v3-3.5.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-3.5.2-1.1.aarch64",
"product": {
"name": "mbedtls-devel-3.5.2-1.1.aarch64",
"product_id": "mbedtls-devel-3.5.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libeverest-3.5.2-1.1.ppc64le",
"product": {
"name": "libeverest-3.5.2-1.1.ppc64le",
"product_id": "libeverest-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"product": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"product_id": "libeverest-x86-64-v3-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedcrypto15-3.5.2-1.1.ppc64le",
"product_id": "libmbedcrypto15-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"product_id": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedtls20-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedtls20-3.5.2-1.1.ppc64le",
"product_id": "libmbedtls20-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"product_id": "libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedx509-6-3.5.2-1.1.ppc64le",
"product_id": "libmbedx509-6-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"product": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"product_id": "libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libp256m-3.5.2-1.1.ppc64le",
"product": {
"name": "libp256m-3.5.2-1.1.ppc64le",
"product_id": "libp256m-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"product": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"product_id": "libp256m-x86-64-v3-3.5.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-3.5.2-1.1.ppc64le",
"product": {
"name": "mbedtls-devel-3.5.2-1.1.ppc64le",
"product_id": "mbedtls-devel-3.5.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libeverest-3.5.2-1.1.s390x",
"product": {
"name": "libeverest-3.5.2-1.1.s390x",
"product_id": "libeverest-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libeverest-x86-64-v3-3.5.2-1.1.s390x",
"product": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.s390x",
"product_id": "libeverest-x86-64-v3-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-3.5.2-1.1.s390x",
"product": {
"name": "libmbedcrypto15-3.5.2-1.1.s390x",
"product_id": "libmbedcrypto15-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"product": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"product_id": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedtls20-3.5.2-1.1.s390x",
"product": {
"name": "libmbedtls20-3.5.2-1.1.s390x",
"product_id": "libmbedtls20-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"product": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"product_id": "libmbedtls20-x86-64-v3-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-3.5.2-1.1.s390x",
"product": {
"name": "libmbedx509-6-3.5.2-1.1.s390x",
"product_id": "libmbedx509-6-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"product": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"product_id": "libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libp256m-3.5.2-1.1.s390x",
"product": {
"name": "libp256m-3.5.2-1.1.s390x",
"product_id": "libp256m-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libp256m-x86-64-v3-3.5.2-1.1.s390x",
"product": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.s390x",
"product_id": "libp256m-x86-64-v3-3.5.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-3.5.2-1.1.s390x",
"product": {
"name": "mbedtls-devel-3.5.2-1.1.s390x",
"product_id": "mbedtls-devel-3.5.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libeverest-3.5.2-1.1.x86_64",
"product": {
"name": "libeverest-3.5.2-1.1.x86_64",
"product_id": "libeverest-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"product": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"product_id": "libeverest-x86-64-v3-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedcrypto15-3.5.2-1.1.x86_64",
"product_id": "libmbedcrypto15-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"product_id": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls20-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedtls20-3.5.2-1.1.x86_64",
"product_id": "libmbedtls20-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"product_id": "libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedx509-6-3.5.2-1.1.x86_64",
"product_id": "libmbedx509-6-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"product": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"product_id": "libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libp256m-3.5.2-1.1.x86_64",
"product": {
"name": "libp256m-3.5.2-1.1.x86_64",
"product_id": "libp256m-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"product": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"product_id": "libp256m-x86-64-v3-3.5.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mbedtls-devel-3.5.2-1.1.x86_64",
"product": {
"name": "mbedtls-devel-3.5.2-1.1.x86_64",
"product_id": "mbedtls-devel-3.5.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-3.5.2-1.1.aarch64"
},
"product_reference": "libeverest-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-3.5.2-1.1.ppc64le"
},
"product_reference": "libeverest-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-3.5.2-1.1.s390x"
},
"product_reference": "libeverest-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-3.5.2-1.1.x86_64"
},
"product_reference": "libeverest-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.aarch64"
},
"product_reference": "libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.ppc64le"
},
"product_reference": "libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.s390x"
},
"product_reference": "libeverest-x86-64-v3-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libeverest-x86-64-v3-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.x86_64"
},
"product_reference": "libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedcrypto15-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedcrypto15-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.s390x"
},
"product_reference": "libmbedcrypto15-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedcrypto15-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x"
},
"product_reference": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedtls20-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedtls20-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.s390x"
},
"product_reference": "libmbedtls20-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedtls20-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.s390x"
},
"product_reference": "libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedx509-6-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedx509-6-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.s390x"
},
"product_reference": "libmbedx509-6-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedx509-6-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64"
},
"product_reference": "libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le"
},
"product_reference": "libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x"
},
"product_reference": "libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64"
},
"product_reference": "libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-3.5.2-1.1.aarch64"
},
"product_reference": "libp256m-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-3.5.2-1.1.ppc64le"
},
"product_reference": "libp256m-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-3.5.2-1.1.s390x"
},
"product_reference": "libp256m-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-3.5.2-1.1.x86_64"
},
"product_reference": "libp256m-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.aarch64"
},
"product_reference": "libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.ppc64le"
},
"product_reference": "libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.s390x"
},
"product_reference": "libp256m-x86-64-v3-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libp256m-x86-64-v3-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.x86_64"
},
"product_reference": "libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-3.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.aarch64"
},
"product_reference": "mbedtls-devel-3.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-3.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.ppc64le"
},
"product_reference": "mbedtls-devel-3.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-3.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.s390x"
},
"product_reference": "mbedtls-devel-3.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-devel-3.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.x86_64"
},
"product_reference": "mbedtls-devel-3.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23170"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23170",
"url": "https://www.suse.com/security/cve/CVE-2024-23170"
},
{
"category": "external",
"summary": "SUSE Bug 1219336 for CVE-2024-23170",
"url": "https://bugzilla.suse.com/1219336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libeverest-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto15-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls20-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-6-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:libp256m-x86-64-v3-3.5.2-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-devel-3.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-23170"
}
]
}
opensuse-su-2024:13640-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libmbedcrypto7-2.28.7-1.1 on GA media
Notes
Title of the patch
libmbedcrypto7-2.28.7-1.1 on GA media
Description of the patch
These are all security issues fixed in the libmbedcrypto7-2.28.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13640
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libmbedcrypto7-2.28.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libmbedcrypto7-2.28.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13640",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13640-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23170 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23170/"
}
],
"title": "libmbedcrypto7-2.28.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13640-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedcrypto7-2.28.7-1.1.aarch64",
"product_id": "libmbedcrypto7-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"product_id": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedtls14-2.28.7-1.1.aarch64",
"product_id": "libmbedtls14-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"product_id": "libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedx509-1-2.28.7-1.1.aarch64",
"product_id": "libmbedx509-1-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"product": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"product_id": "libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mbedtls-2-devel-2.28.7-1.1.aarch64",
"product": {
"name": "mbedtls-2-devel-2.28.7-1.1.aarch64",
"product_id": "mbedtls-2-devel-2.28.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedcrypto7-2.28.7-1.1.ppc64le",
"product_id": "libmbedcrypto7-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"product_id": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedtls14-2.28.7-1.1.ppc64le",
"product_id": "libmbedtls14-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"product_id": "libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedx509-1-2.28.7-1.1.ppc64le",
"product_id": "libmbedx509-1-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"product": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"product_id": "libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mbedtls-2-devel-2.28.7-1.1.ppc64le",
"product": {
"name": "mbedtls-2-devel-2.28.7-1.1.ppc64le",
"product_id": "mbedtls-2-devel-2.28.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-1.1.s390x",
"product": {
"name": "libmbedcrypto7-2.28.7-1.1.s390x",
"product_id": "libmbedcrypto7-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"product": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"product_id": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-1.1.s390x",
"product": {
"name": "libmbedtls14-2.28.7-1.1.s390x",
"product_id": "libmbedtls14-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"product": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"product_id": "libmbedtls14-x86-64-v3-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-1.1.s390x",
"product": {
"name": "libmbedx509-1-2.28.7-1.1.s390x",
"product_id": "libmbedx509-1-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"product": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"product_id": "libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mbedtls-2-devel-2.28.7-1.1.s390x",
"product": {
"name": "mbedtls-2-devel-2.28.7-1.1.s390x",
"product_id": "mbedtls-2-devel-2.28.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmbedcrypto7-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedcrypto7-2.28.7-1.1.x86_64",
"product_id": "libmbedcrypto7-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"product_id": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedtls14-2.28.7-1.1.x86_64",
"product_id": "libmbedtls14-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"product_id": "libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedx509-1-2.28.7-1.1.x86_64",
"product_id": "libmbedx509-1-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"product": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"product_id": "libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mbedtls-2-devel-2.28.7-1.1.x86_64",
"product": {
"name": "mbedtls-2-devel-2.28.7-1.1.x86_64",
"product_id": "mbedtls-2-devel-2.28.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedcrypto7-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedcrypto7-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.s390x"
},
"product_reference": "libmbedcrypto7-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedcrypto7-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x"
},
"product_reference": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedtls14-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedtls14-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.s390x"
},
"product_reference": "libmbedtls14-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedtls14-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.s390x"
},
"product_reference": "libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedx509-1-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedx509-1-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.s390x"
},
"product_reference": "libmbedx509-1-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedx509-1-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64"
},
"product_reference": "libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le"
},
"product_reference": "libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x"
},
"product_reference": "libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64"
},
"product_reference": "libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-2-devel-2.28.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.aarch64"
},
"product_reference": "mbedtls-2-devel-2.28.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-2-devel-2.28.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.ppc64le"
},
"product_reference": "mbedtls-2-devel-2.28.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-2-devel-2.28.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.s390x"
},
"product_reference": "mbedtls-2-devel-2.28.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mbedtls-2-devel-2.28.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.x86_64"
},
"product_reference": "mbedtls-2-devel-2.28.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23170"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23170",
"url": "https://www.suse.com/security/cve/CVE-2024-23170"
},
{
"category": "external",
"summary": "SUSE Bug 1219336 for CVE-2024-23170",
"url": "https://bugzilla.suse.com/1219336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.7-1.1.x86_64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.aarch64",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.ppc64le",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.s390x",
"openSUSE Tumbleweed:mbedtls-2-devel-2.28.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-23170"
}
]
}
fkie_cve-2024-23170
Vulnerability from fkie_nvd
Published
2024-01-31 08:15
Modified
2025-06-20 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/ | ||
| cve@mitre.org | https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5",
"versionEndExcluding": "2.28.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B",
"versionEndExcluding": "3.5.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Hab\u00eda un canal lateral de sincronizaci\u00f3n en las operaciones privadas de RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."
}
],
"id": "CVE-2024-23170",
"lastModified": "2025-06-20T20:15:30.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-31T08:15:42.220",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-385"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
ghsa-w2fw-qqqw-v63m
Vulnerability from github
Published
2024-01-31 09:30
Modified
2024-02-22 03:30
Severity ?
VLAI Severity ?
Details
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
{
"affected": [],
"aliases": [
"CVE-2024-23170"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-31T08:15:42Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"id": "GHSA-w2fw-qqqw-v63m",
"modified": "2024-02-22T03:30:35Z",
"published": "2024-01-31T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23170"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2024-23170
Vulnerability from gsd
Modified
2024-01-12 06:02
Details
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23170"
],
"details": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
"id": "GSD-2024-23170",
"modified": "2024-01-12T06:02:17.979052Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-23170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/",
"refsource": "MISC",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
},
{
"name": "FEDORA-2024-bfd98be425",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"name": "FEDORA-2024-c7f1c839ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5",
"versionEndExcluding": "2.28.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B",
"versionEndExcluding": "3.5.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Hab\u00eda un canal lateral de sincronizaci\u00f3n en las operaciones privadas de RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."
}
],
"id": "CVE-2024-23170",
"lastModified": "2024-02-22T03:15:08.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-31T08:15:42.220",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…