CVE-2019-18222

Published: Jan 23, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://tls.mbed.org/tech-updates/security-advisories

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

FEDORA-2020-8d3ea0fe8d

vendor-advisory

FEDORA-2020-5bcfae9f46

vendor-advisory

[debian-lts-announce] 20221225 [SECURITY] [DLA 3249-1] mbedtls security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-18222

Description

Affected Products

References