{"id":"AZL-12968","summary":"CVE-2022-46392 affecting package fluent-bit for versions less than 2.0.9-1","details":"An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.","modified":"2026-04-21T04:22:29.471134Z","published":"2022-12-15T23:15:10Z","upstream":["CVE-2022-46392"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46392"}],"affected":[{"package":{"name":"fluent-bit","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/fluent-bit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.9-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-12968.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}