CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-24117

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile44.77th
Published2021年7月14日
Last Modified2024年11月21日

Vulnerability Description

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.

Affected Platforms (CPE)

📦
Apache

Teaclave Sgx Sdk

= 1.1.3

References & Advisories

🔗 https://docs.rs/crate/sgx_tstd/1.1.1
🔗 https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
🔗 https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a
🔗 https://docs.rs/crate/sgx_tstd/1.1.1
🔗 https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md
🔗 https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093911d5b2a

相关漏洞威胁

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...