CVE-2019-18222
published 2020-01-23


Priority: P4 / 18 / medium
CVSS 3.1: 4.7 (medium), vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.33% (24.7th percentile)
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

Affected

14 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_crypto | < 3.0.0 | 3.0.0 |
| arm | mbed_tls | < 2.7.13 | 2.7.13 |
| arm | mbed_tls | >= 2.17.0 < 2.20.0 | 2.20.0 |
| arm | mbed_tls | >= 2.8.0 < 2.16.4 | 2.16.4 |
| debian | debian_linux | | |
| debian | mbedtls | < mbedtls 2.16.4-1 (bookworm) | mbedtls 2.16.4-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| mbed | mbedtls | >= 0 < 2.16.4-1 | 2.16.4-1 |
| mbed | mbedtls | >= 0 < 2.16.4-1 | 2.16.4-1 |
| mbed | mbedtls | >= 0 < 2.16.4-1 | 2.16.4-1 |
| mbed | mbedtls | >= 0 < 2.16.4-1 | 2.16.4-1 |
| msrc | azl3_qemu_8.2.0-16_on_azure_linux_3.0 | | |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | | |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 4.7 | MEDIUM | |
| vendor_debian | | 4.7 | MEDIUM | |
| vendor_msrc | | 4.7 | MEDIUM | |