Flaw in ECDSA Signature Implementation in Arm Mbed Crypto and Mbed TLS
CVE-2019-18222

4.7MEDIUM

Key Information:

Vendor: Arm
Status: Mbed Tls; Mbed Crypto
Vendor: CVE Published:; 23 January 2020

What is CVE-2019-18222?

A vulnerability exists in the ECDSA signature implementation within Arm Mbed Crypto and Mbed TLS. The issue arises from insufficient reduction of the blinded scalar before computing the inverse, which can be exploited by a local attacker. Through side-channel attacks, this flaw can lead to the potential recovery of private keys, posing a significant risk to the cryptographic integrity of affected systems.

References

https://tls.mbed.org/tech-updates/security-advisories

https://tls.mbed.org/tech-updates/security-advisories/mbe...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2020
Vulnerability Reserved
Oct 21, 2019