CVE-2020-20949

Name of the Vulnerable Software and Affected Versions: STM32 cryptographic firmware library software expansion for STM32Cube (UM1924) (affected versions not specified)

Description: The issue concerns Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA, which can be exploited using Bleichenbacher's oracle attack. This allows an attacker to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.