CVE-2019-18222

4.7MEDIUM

Key Information

Vendor: Arm
Status: Mbed Tls; Mbed Crypto
Vendor: CVE Published:; 23 January 2020

Summary

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 23, 2020
Vulnerability Reserved.
Oct 21, 2019

Collectors

NVD DatabaseMitre Database