CWE-385

CWE-385

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

2

Critical

0

High

0

Medium

2

Low

0

Severity distribution

Recent CVEs

showing 2 of 2

CVE-2024-23170Medium· 5.5EPSS 0%8 d ago
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the atta
CVE-2025-49087Medium· 4.0EPSS 0%8 d ago
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.