We found results for “”
CVE-2019-16910
Good to know:
Date: September 25, 2019
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Language: C
Severity Score
Related Resources (14)
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version Mbed TLS-2.7.12,Mbed-2.16.3,Mbed TLS-2.19.0;Mbed Crypto-2.0.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | HIGH |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |