Flaw in ECDSA Signature Implementation in Arm Mbed Crypto and Mbed TLS
CVE-2019-18222
4.7MEDIUM
What is CVE-2019-18222?
A vulnerability exists in the ECDSA signature implementation within Arm Mbed Crypto and Mbed TLS. The issue arises from insufficient reduction of the blinded scalar before computing the inverse, which can be exploited by a local attacker. Through side-channel attacks, this flaw can lead to the potential recovery of private keys, posing a significant risk to the cryptographic integrity of affected systems.