The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 04:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/ - Mailing List, Third Party Advisory | |
References | () https://tls.mbed.org/tech-updates/security-advisories - Vendor Advisory | |
References | () https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 - Vendor Advisory |
03 Mar 2023, 15:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References |
|
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html - Mailing List, Third Party Advisory |
26 Dec 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jan 2022, 20:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
|
CWE | CWE-203 | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/ - Mailing List, Third Party Advisory |
Information
Published : 2020-01-23 17:15
Updated : 2024-11-21 04:32
NVD link : CVE-2019-18222
Mitre link : CVE-2019-18222
CVE.ORG link : CVE-2019-18222
JSON object : View
Products Affected
debian
- debian_linux
arm
- mbed_crypto
- mbed_tls
fedoraproject
- fedora
CWE
CWE-203
Observable Discrepancy