Lucene search

K

Veracode Vulnerability DatabaseVERACODE:26113

HistoryAug 06, 2020 - 9:31 p.m.

Information Disclosure

2020-08-0621:31:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.001

Percentile

19.8%

mbedtls is vulnerable to information disclosure. The vulnerability exists as the ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

References

lists.debian.org/debian-lts-announce/2022/12/msg00036.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/

lists.fedoraproject.org/archives/list/[email protected]/message/A3GWQNONS7GRORXZJ7MOJFUEJ2ZJ4OUW/

lists.fedoraproject.org/archives/list/[email protected]/message/NGDACU65MYZXXVPQP2EBHUJGOR4RWLVY/

tls.mbed.org/tech-updates/security-advisories

tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

EPSS

0.001

Percentile

19.8%

Related for VERACODE:26113

nessus4 cve1 fedora2 alpinelinux1 cvelist1 osv2 openvas4 ubuntucve1 prion1 archlinux1 debiancve1 freebsd1 nvd1 mageia1 debian1