Lucene search

K

MitreCVELIST:CVE-2019-16910

HistorySep 26, 2019 - 12:00 a.m.

CVE-2019-16910

2019-09-2600:00:00

mitre

www.cve.org

7

AI Score

5.4

Confidence

High

EPSS

0.008

Percentile

81.5%

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

References

github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd

github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b

lists.debian.org/debian-lts-announce/2022/12/msg00036.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/

tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10

AI Score

5.4

Confidence

High

EPSS

0.008

Percentile

81.5%

Related for CVELIST:CVE-2019-16910

openvas8 cnvd1 debiancve1 veracode1 nvd1 nessus4 ubuntucve1 osv2 prion1 fedora5 alpinelinux1 cve1 mageia1 debian1