VDB
DEBIAN-CVE-2019-18222
DEBIAN-CVE-2019-18222
PUBLISHED
CVSS 4.699999809265137 MEDIUM
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | mbedtls | 0, 0, 0 |
| Debian:11 | mbedtls | 0, 0, 0 |
| Debian:14 | mbedtls | 0, 0, 0 |
| Debian:13 | mbedtls | 0, 0, 0 |
Timeline
- Jan 23, 2020 CVE Published
- Apr 28, 2026 CVE Updated