CVE-2020-20950

Name of the Vulnerable Software and Affected Versions: Microchip Libraries for Applications versions up to 2018-11-26

Description: The issue allows for Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. This is due to a vulnerability in PKCS #1 v1.5 padding for RSA.

Recommendations: For versions up to 2018-11-26, consider updating to a version released after 2018-11-26 to resolve the issue. As a temporary workaround, restrict access to the vulnerable library to minimize the risk of exploitation.