Main Vulnerability Database SB20200714108

SB20200714108 - Fedora EPEL 6 update for mbedtls

Published: July 14, 2020 Updated: April 25, 2025

Security Bulletin ID SB20200714108

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Encryption of Sensitive Data (CVE-ID: CVE-2020-10941)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

Install update from vendor's website.