mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00

We have a CVE ID

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine
2025-09-16 10:39:29 +02:00
parent 3e59e0ae08
commit d1244932f1


@@ -2,4 +2,4 @@ Security
* Fix a timing side channel in CBC-PKCS7 decryption that could * Fix a timing side channel in CBC-PKCS7 decryption that could
allow an attacker who can submit chosen ciphertexts to recover allow an attacker who can submit chosen ciphertexts to recover
some plaintexts through a timing-based padding oracle attack. some plaintexts through a timing-based padding oracle attack.
Credits to Beat Heeb from Oberon microsystems AG. CVE-TODO Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438
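
Review bot: the commit subject "We have a CVE ID" does not name the identifier that the last line of this hunk puts in place of CVE-TODO, so the commit cannot be found by searching the log for the CVE. Suggest a subject such as "ChangeLog: reference CVE-2025-59438 for the CBC-PKCS7 padding oracle fix". Separately, the entry describes the affected operation only as "CBC-PKCS7 decryption"; if the changelog conventions allow it, naming the affected function or functions in the entry would let users check their own exposure without reading the fix.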