Home > Vulnerability Database > CVE-2022-46392

Mend.io Vulnerability Database

CVE-2022-46392

Date: December 14, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Language: C

Severity Score

5.3

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46392

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

Url: https://security-tracker.debian.org/tracker/CVE-2022-46392

Url: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Url: https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

Url: https://www.mend.io/vulnerability-database/CVE-2022-46392

Severity Score

5.3

Weakness Type (CWE)

Observable Discrepancy

CWE-203

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46392

Date: December 14, 2022

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?