CVE-2019-16910 — Sensitive Information Exposure in ARM Mbed Crypto

CWE-200 — Sensitive Information Exposure9 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.9%

top 23.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbed Mbedtls ARM Mbed Crypto ARM Mbed TLS +2 more

Timeline

PublishedSep 26

Latest updateMay 24

Description

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶NVDarm/mbed_crypto< 2.0.0

▶NVDarm/mbed_tls2.8.0 — 2.16.3+2

▶Debianmbed/mbedtls< 2.16.3-1+3

Also affects: Debian Linux 10.0, Fedora 29, 30, 31

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg4p-c829-4q39: Arm Mbed TLS before 2↗2022-05-24

▶

OSV

CVE-2019-16910: Arm Mbed TLS before 2↗2019-09-26

▶

CVEList

CVE-2019-16910: Arm Mbed TLS before 2↗2019-09-26

▶

📋Vendor Advisories

Microsoft

▶

Debian

CVE-2019-16910: mbedtls - Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ...↗2019

▶

💬Community

Bugzilla

CVE-2019-16910 mbedtls: use of RNG with insufficient entropy allows to recover private key vise side-channel attack↗2019-10-07

▶

Bugzilla

CVE-2019-16910 mbedtls: use of RNG with insufficient entropy allows to recover private key vise side-channel attack [fedora-all]↗2019-10-07

▶

Bugzilla

CVE-2019-16910 mbedtls: use of RNG with insufficient entropy allows to recover private key vise side-channel attack [epel-all]↗2019-10-07

▶