CVE-2019-16910

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16910

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16910.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16910

Related

Published

2019-09-26T13:15:10Z

Modified

2024-12-05T15:21:38.257503Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

References

Affected packages

Alpine:v3.10 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

Alpine:v3.11 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.12 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.13 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.14 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.15 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.16 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.17 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.18 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.19 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.20 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Alpine:v3.21 / mbedtls

Package

Name: mbedtls
Purl: pkg:apk/alpine/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-r0

Affected versions

2.*

2.0.0-r0

2.1.2-r0

2.2.0-r0

2.2.0-r1

2.2.1-r0

2.3.0-r0

2.4.0-r0

2.4.1-r0

2.4.2-r0

2.5.1-r0

2.6.0-r0

2.6.1-r0

2.7.0-r0

2.11.0-r0

2.12.0-r0

2.14.1-r0

2.16.0-r0

2.16.1-r0

2.16.1-r1

2.16.2-r0

Debian:11 / mbedtls

Package

Name: mbedtls
Purl: pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / mbedtls

Package

Name: mbedtls
Purl: pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / mbedtls

Package

Name: mbedtls
Purl: pkg:deb/debian/mbedtls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.16.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/armmbed/mbed-crypto

Affected ranges

Type: GIT
Repo: https://github.com/armmbed/mbed-crypto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

92348d1c4931f8c33c2d092928afca556f672c42

Type: GIT
Repo: https://github.com/armmbed/mbedtls
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4cb87f409df0ddd878ea50cfca7dc8735ee574f2

Type: GIT
Repo: https://github.com/mbed-tls/mbedtls
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd

Fixed

33f66ba6fd234114aa37f0209dac031bb2870a9b

Affected versions

Other

beta-oob-2

list

mbedos-2016q1-oob1

mbedos-2016q1-oob2

mbedos-2016q1-oob3

mbedos-release-15-11

mbedos-techcon-oob2

mbedcrypto-0.*

mbedcrypto-0.1.0b

mbedcrypto-0.1.0b2

mbedcrypto-1.*

mbedcrypto-1.0.0

mbedcrypto-1.0.0d0

mbedcrypto-1.0.0d1

mbedcrypto-1.0.0d2

mbedcrypto-1.0.0d3

mbedcrypto-1.0.0d4

mbedcrypto-1.0.0d5

mbedcrypto-1.0.0d6

mbedcrypto-1.0.0d7

mbedcrypto-1.1.0

mbedcrypto-1.1.0d0

mbedcrypto-1.1.0d1

mbedcrypto-1.1.0d2

mbedcrypto-1.1.1

mbedcrypto-2.*

mbedcrypto-2.0.0d0

mbedcrypto-2.0.0d1

mbedos-16.*

mbedos-16.01-release

mbedos-16.03-release

mbedtls-1.*

mbedtls-1.3.10

mbedtls-1.4-dtls-preview

mbedtls-2.*

mbedtls-2.0.0

mbedtls-2.1.0

mbedtls-2.1.1

mbedtls-2.1.2

mbedtls-2.10.0

mbedtls-2.11.0

mbedtls-2.12.0

mbedtls-2.13.0

mbedtls-2.13.1

mbedtls-2.14.0

mbedtls-2.16.0

mbedtls-2.16.1

mbedtls-2.16.2

mbedtls-2.2.0

mbedtls-2.2.1

mbedtls-2.3.0

mbedtls-2.4.0

mbedtls-2.5.0

mbedtls-2.5.1

mbedtls-2.6.0

mbedtls-2.6.0-rc1

mbedtls-2.7.0

mbedtls-2.7.0-rc1

mbedtls-2.7.1

mbedtls-2.7.10

mbedtls-2.7.11

mbedtls-2.7.2

mbedtls-2.7.2-rc1

mbedtls-2.7.3

mbedtls-2.7.4

mbedtls-2.7.5

mbedtls-2.7.6

mbedtls-2.7.7

mbedtls-2.7.8

mbedtls-2.7.9

mbedtls-2.8.0

mbedtls-2.8.0-rc1

mbedtls-2.9.0

polarssl-1.*

polarssl-1.2.0

polarssl-1.2.1

polarssl-1.2.2

polarssl-1.2.3

polarssl-1.2.4

polarssl-1.2.5

polarssl-1.2.6

polarssl-1.3.0

polarssl-1.3.0-rc0

polarssl-1.3.1

polarssl-1.3.2

polarssl-1.3.3

polarssl-1.3.4

polarssl-1.3.5

polarssl-1.3.6

polarssl-1.3.7

polarssl-1.3.8

polarssl-1.3.9

psa-crypto-api-1.*

psa-crypto-api-1.0-beta1

psa-crypto-api-1.0-beta2

psa-crypto-api-1.0-beta3

yotta-2.*

yotta-2.2.1

yotta-2.2.2

yotta-2.2.3

yotta-2.3.0

yotta-2.3.1