Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
References
Link | Resource |
---|---|
https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd | Patch |
https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b | Patch |
https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/ | Mailing List Third Party Advisory |
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
03 Mar 2023, 15:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
27 Dec 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
26 Dec 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo |
Information
Published : 2019-09-26 13:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-16910
Mitre link : CVE-2019-16910
CVE.ORG link : CVE-2019-16910
JSON object : View
Products Affected
arm
- mbed_tls
- mbed_crypto
fedoraproject
- fedora
debian
- debian_linux
CWE