Vulnerability Description
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Teaclave Sgx Sdk | 1.1.3 |
Related Weaknesses (CWE)
References
- https://docs.rs/crate/sgx_tstd/1.1.1 (Product, Third Party Advisory)
- https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.m (Patch, Third Party Advisory)
- https://github.com/dingelish/rust-base64/commit/a554b7ae880553db6dde8a387101a093 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2021-24117?
CVE-2021-24117 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controll...
How severe is CVE-2021-24117?
CVE-2021-24117 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24117?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Teaclave Sgx Sdk.