CVE-2019-16910
mbedtls - security update
Severity: MEDIUM (5.3) | EPSS: 0.67%
Published: 9/26/2019 | Modified: 12/3/2025
Also known as: ALPINE-CVE-2019-16910, DEBIAN-CVE-2019-16910
Description
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Affected packages (3)
- Alpine/mbedtls: from 0, < 2.16.3-r0
- Debian/mbedtls: from 0, < 2.16.3-1
- Debian/mbedtls: from 0, < 2.16.9-0~deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.3) | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |