Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd - Patch | |
References | () https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b - Patch | |
References | () https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/ - Mailing List, Third Party Advisory | |
References | () https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10 - Vendor Advisory |
03 Mar 2023, 15:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References |
|
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html - Mailing List, Third Party Advisory |
26 Dec 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b - Patch, Third Party Advisory |
Information
Published : 2019-09-26 13:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16910
Mitre link : CVE-2019-16910
CVE.ORG link : CVE-2019-16910
JSON object : View
Products Affected
debian
- debian_linux
arm
- mbed_crypto
- mbed_tls
fedoraproject
- fedora
CWE