Home > Vulnerability Database > CVE-2022-46392

Mend.io Vulnerability Database

CVE-2022-46392

Good to know:

Date: December 15, 2022

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.

Language: C

Severity Score

5.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46392

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/

Url: https://security-tracker.debian.org/tracker/CVE-2022-46392

Url: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2

Url: https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/

Url: https://www.mend.io/vulnerability-database/CVE-2022-46392

Severity Score

5.3

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Top Fix

Upgrade Version

Upgrade to version v2.8.2,mbedtls-2.28.2,v3.3.0,mbedtls-3.3.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46392

Good to know:

Date: December 15, 2022

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?