CVE-2019-18222: Observable Discrepancy in ARM Mbed Crypto

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.1% (percentile 68.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 23; latest update May 24

Description

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
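A toy model of the flaw in that description, added here as an example and not taken from Mbed TLS or Mbed Crypto. Mbed TLS signs with a blinded nonce, s = t(e + r d) / (k t) mod n, and the affected versions handed the integer product k*t to the modular inversion without first reducing it mod n; the 2.16.4 fix reduces it first. The Mbed TLS 2.16.4 changelog describes the consequence as: the bignum code is not constant-time, so a side channel on the inversion can retrieve the blinded value, factorize it, and hence recover the private key. The code below keeps both orderings side by side and shows why only the unreduced one is fatal: an integer k*t carries the factor structure of k, whereas k*t mod n is consistent with every k. The curve (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1), prime order n = 19), the key d = 4, hash e = 5, nonce k = 6 and blinding t = 7 are all constructed toy values; at this size brute force over k succeeds on either path, so read the example for the structure of what reaches the inversion, not for run time.

```python
"""Toy model of CVE-2019-18222 (added example, not Mbed TLS code)."""
from math import isqrt

P, A, B = 17, 2, 2      # constructed toy curve: y^2 = x^3 + A*x + B over F_P
G = (5, 1)              # generator
N = 19                  # prime group order; ECDSA arithmetic is mod N


def ec_add(p1, p2):
    """Affine point addition on the toy curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not side-channel safe; not the point here)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdsa_s_vulnerable(e, r, d, k, t):
    """s = t*(e + r*d) / (k*t) mod n with the blinded nonce inverted AS AN INTEGER.

    Mirrors the ordering the advisory describes: k*t is not reduced mod n before
    the inversion. Returns (s, value handed to the inverse)."""
    blinded = k * t                                   # not reduced mod N
    s = t * (e + r * d) * pow(blinded, -1, N) % N
    return s, blinded


def ecdsa_s_fixed(e, r, d, k, t):
    """Same computation, but the blinded nonce is reduced mod n first (the fix)."""
    blinded = (k * t) % N
    s = t * (e + r * d) * pow(blinded, -1, N) % N
    return s, blinded


def candidates_from_unreduced(K):
    """Attacker view of a leaked integer K = k*t: factor K (trial division suffices
    for the toy; real sizes need ECM or similar) and keep divisors k with both k
    and K/k below n. The integer product exposes the factor structure of k."""
    divisors = set()
    for a in range(1, isqrt(K) + 1):
        if K % a == 0:
            divisors.update((a, K // a))
    return sorted(k for k in divisors if k < N and K // k < N)


def candidates_from_reduced(K_mod_n):
    """Attacker view of a leaked K mod n: every k in [1, n) pairs with exactly one
    t = K * k^-1 mod n, so the leak rules out nothing. Returns all of them."""
    return list(range(1, N))


def recover_private_key(e, r, s, pub, candidate_ks):
    """Check each candidate nonce against r, solve d = (s*k - e)/r mod n and confirm
    it against the public key. Returns d, or None if no candidate fits."""
    for k in candidate_ks:
        R = ec_mul(k, G)
        if R is None or R[0] % N != r:
            continue
        d = (s * k - e) * pow(r, -1, N) % N
        if ec_mul(d, G) == pub:
            return d
    return None


def demo():
    """Constructed signing session: private key d=4, hash e=5, nonce k=6, blinding t=7."""
    d, e, k, t = 4, 5, 6, 7
    pub = ec_mul(d, G)
    r = ec_mul(k, G)[0] % N                           # r = (k*G).x mod n
    s_vuln, leak_vuln = ecdsa_s_vulnerable(e, r, d, k, t)
    s_fix, leak_fix = ecdsa_s_fixed(e, r, d, k, t)
    assert s_vuln == s_fix                            # both orderings sign correctly
    return {
        "r": r, "s": s_vuln,
        "leak_vulnerable": leak_vuln, "leak_fixed": leak_fix,
        "candidates_vulnerable": candidates_from_unreduced(leak_vuln),
        "candidates_fixed": len(candidates_from_reduced(leak_fix)),
        "recovered_d": recover_private_key(e, r, s_vuln, pub,
                                           candidates_from_unreduced(leak_vuln)),
    }


if __name__ == "__main__":
    print(demo())
```

Both functions return s = 2 for the constructed inputs, so the signature itself is fine either way. The value that reaches the inversion differs: the vulnerable path inverts 42, whose divisor pairs leave only four candidate nonces (3, 6, 7, 14), and checking them against r singles out k = 6 and yields d = 4; the fixed path inverts 42 mod 19 = 4, for which all eighteen nonces remain possible. On a real curve the reduced value is a uniformly random element that says nothing about k without t, while the unreduced product is a plain integer whose factorization an attacker can attempt signature by signature until a sufficiently smooth one appears.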

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (3)

Source   Package           Affected versions
NVD      arm/mbed_crypto   < 3.0.0
NVD      arm/mbed_tls      2.8.0 up to (excluding) 2.16.4, plus 2 further ranges
Debian   mbed/mbedtls      < 2.16.4-1, plus 3 further entries

Also affects: Debian Linux 10.0, Fedora 30, 31

Vulnerability Details (3)

GHSA     GHSA-fpgh-hvp5-cqc2: The ECDSA signature implementation in ecdsa...   2022-05-24
OSV      CVE-2019-18222: The ECDSA signature implementation in ecdsa...        2020-01-23
CVEList  CVE-2019-18222: The ECDSA signature implementation in ecdsa...        2020-01-23

Vendor Advisories (2)

Microsoft  The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recov...   2020-01-14
Debian     CVE-2019-18222: mbedtls - The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TL...   2019
CVE-2019-18222 — Observable Discrepancy in ARM | cvebase