CNNVD-202510-2565 Information
CNNVD ID
CNNVD-202510-2565
Related CVE
- CNNVD Published: 2025-10-20
Description (Chinese)
Mbed TLS是Mbed TLS开源的一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.5之前版本存在安全漏洞,该漏洞源于本地计时攻击和直接调用mbedtls_mpi_mod_inv或mbedtls_mpi_gcd,可能导致信息泄露。
Description (English)
Mbed TLS is an open source, portable, user-friendly, readable and flexible SSL library for Mbed TLS. Mbed TLS 3.6.5 has a security loophole, which stems from local timing attacks and direct calls to mbedtls mpi mod inv or mbedtls mpi gcd, which may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Mbed TLS
Published
2025-10-20
Last Modified
2026-02-24
References
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/ https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ https://vigilance.fr/vulnerability/Mbed-TLS-information-disclosure-via-RSA-Key-Generation-48528
Patch
https://github.com/Mbed-TLS/mbedtls/releases
Share on: