Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-18222
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-23 Jan, 2020 | 17:15
Updated At-03 Mar, 2023 | 15:25

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.01.9LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Arm Limited
arm
>>mbed_crypto>>Versions before 3.0.0(exclusive)
cpe:2.3:a:arm:mbed_crypto:*:*:*:*:*:*:*:*
Arm Limited
arm
>>mbed_tls>>Versions before 2.7.13(exclusive)
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
Arm Limited
arm
>>mbed_tls>>Versions from 2.8.0(inclusive) to 2.16.4(exclusive)
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
Arm Limited
arm
>>mbed_tls>>Versions from 2.17.0(inclusive) to 2.20.0(exclusive)
cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-203Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/cve@mitre.org
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/cve@mitre.org
Mailing List
Third Party Advisory
https://tls.mbed.org/tech-updates/security-advisoriescve@mitre.org
Vendor Advisory
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12cve@mitre.org
Vendor Advisory
Change History
0Changes found
Details not found