CVE-2019-16910
MEDIUM 5.3 | EPSS 0.67% | mbedtls - security update
Published: 2019/9/26 Modified: 2025/12/3
Also known as: ALPINE-CVE-2019-16910, DEBIAN-CVE-2019-16910
Description
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Affected packages (3)
- Alpine/mbedtls from 0, < 2.16.3-r0
- Debian/mbedtls from 0, < 2.16.3-1
- Debian/mbedtls from 0, < 2.16.9-0~deb10u1
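The version ranges in the description above (mainline fix in 2.19.0, backports in the 2.7 and 2.16 LTS branches, Mbed Crypto fixed in 2.0.0) are easy to misread when triaging an installed build, so here is an added checker; it is example code written for this page, not part of the advisory or the Mbed TLS project. It assumes upstream version numbering, strips distribution suffixes such as `-r0` or `-0~deb10u1` as a simplification, and takes the state of the `MBEDTLS_ECDSA_DETERMINISTIC` build option as a caller-supplied flag.

```python
"""Triage helper for CVE-2019-16910 (added example, not project code).

Ranges come from the advisory text:
  - Mbed TLS  < 2.19.0 affected, except the LTS branches, which are
    fixed from 2.7.12 and 2.16.3 onward.
  - Mbed Crypto < 2.0.0 affected.
Only builds with deterministic ECDSA enabled are affected.
"""
import re
from typing import Tuple

Version = Tuple[int, ...]

# Upstream fix points stated in the advisory.
MBEDTLS_MAINLINE_FIX: Version = (2, 19, 0)
MBEDTLS_LTS_FIXES = {(2, 7): (2, 7, 12), (2, 16): (2, 16, 3)}
MBEDCRYPTO_FIX: Version = (2, 0, 0)


def parse_version(text: str) -> Version:
    """Parse 'a.b.c' into an int tuple; distro suffixes ('-r0', '-1',
    '-0~deb10u1') are ignored, which is a simplification for this example."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def mbedtls_affected(version: str, deterministic_ecdsa: bool = True) -> bool:
    """True if this Mbed TLS version still carries the weak-blinding bug.
    A 2.17.x or 2.18.x release is affected: it predates the 2.19.0 fix and
    is not one of the LTS branches that received a backport."""
    if not deterministic_ecdsa:
        return False  # blinding path with weak RNG only used for deterministic ECDSA
    v = parse_version(version)
    branch = v[:2]
    if branch in MBEDTLS_LTS_FIXES:
        return v < MBEDTLS_LTS_FIXES[branch]
    return v < MBEDTLS_MAINLINE_FIX


def mbedcrypto_affected(version: str, deterministic_ecdsa: bool = True) -> bool:
    """True if this Mbed Crypto version is before the 2.0.0 fix."""
    return deterministic_ecdsa and parse_version(version) < MBEDCRYPTO_FIX
```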
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |