CVE-2019-18222

NameCVE-2019-18222
DescriptionThe ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mbedtls (PTS)stretch (security), stretch2.4.2-1+deb9u3vulnerable
buster2.16.0-1vulnerable
bullseye, sid2.16.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mbedtlssource(unstable)2.16.4-1

Notes

https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Fixed upstream in 2.20.0, 2.16.4 and 2.7.13

Search for package or bug name: Reporting problems