Home > Vulnerability Database > CVE-2019-16910

Mend.io Vulnerability Database

CVE-2019-16910

Good to know:

Date: September 26, 2019

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

Language: C

Severity Score

5.3

Related Resources (14)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-16910

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/

Url: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10

Url: https://security-tracker.debian.org/tracker/CVE-2019-16910

Url: https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGSKQSGR5SOBRBXDSSPTCDSBB5K3GMPF/

Url: https://security.alpinelinux.org/vuln/CVE-2019-16910

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSFFOROD6IVLADZHNJC2LPDV7FQRP7XB/

Url: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEHHH2DOBXB25CAU3Q6E66X723VAYTB5/

Url: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd

Url: https://www.mend.io/vulnerability-database/CVE-2019-16910

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version Mbed TLS-2.7.12,Mbed-2.16.3,Mbed TLS-2.19.0;Mbed Crypto-2.0.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-16910

Good to know:

Date: September 26, 2019

Language: C

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?