Jump to:

CVE-2019-18222

Jump to:

CVE-2019-18222

Package mbedtls updated to version 2.16.4-alt1 for branch sisyphus in task 246014.

Published: 2020-01-23
Modified: 2024-11-21

CVE-2019-18222

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Severity: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

[debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
[debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update
FEDORA-2020-5bcfae9f46
FEDORA-2020-5bcfae9f46
FEDORA-2020-8d3ea0fe8d
FEDORA-2020-8d3ea0fe8d
https://tls.mbed.org/tech-updates/security-advisories
https://tls.mbed.org/tech-updates/security-advisories
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Version: 2.1.0

Package mbedtls update in sisyphus on 2020-02-12

ALT-PU-2020-1192-1

Closed vulnerabilities

CVE-2019-18222