CVE-2019-16910

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16910
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16910.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-16910
Downstream
Related
Published
2019-09-26T13:15:10.790Z
Modified
2026-02-16T01:37:34.817769Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbedtls
Events
Introduced
3f8d78411a26e833db18d9fbde0e2f0baeda87f0
Fixed
4197f0e28e15c42e907f873eea292fac31bfa7e6
Introduced
8be0e6db41b4a085e90cb03983f99d3a5158d450
Fixed
04a049bda1ceca48060b57bc4bcf5203ce591421

Affected versions

mbedtls-2.*
mbedtls-2.10.0
mbedtls-2.11.0
mbedtls-2.12.0
mbedtls-2.13.0
mbedtls-2.13.1
mbedtls-2.14.0
mbedtls-2.16.0
mbedtls-2.16.1
mbedtls-2.16.2
mbedtls-2.17.0
mbedtls-2.18.0
mbedtls-2.19.0d1
mbedtls-2.8.0
mbedtls-2.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16910.json"

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
33f66ba6fd234114aa37f0209dac031bb2870a9b

Affected versions

Other
beta-oob-2
list
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2
mbedos-16.*
mbedos-16.01-release
mbedos-16.03-release
mbedtls-1.*
mbedtls-1.3.10
mbedtls-1.4-dtls-preview
mbedtls-2.*
mbedtls-2.0.0
mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.2
mbedtls-2.10.0
mbedtls-2.11.0
mbedtls-2.12.0
mbedtls-2.13.0
mbedtls-2.13.1
mbedtls-2.14.0
mbedtls-2.16.0
mbedtls-2.16.1
mbedtls-2.16.2
mbedtls-2.2.0
mbedtls-2.2.1
mbedtls-2.3.0
mbedtls-2.4.0
mbedtls-2.5.0
mbedtls-2.5.1
mbedtls-2.6.0
mbedtls-2.6.0-rc1
mbedtls-2.7.0
mbedtls-2.7.0-rc1
mbedtls-2.7.1
mbedtls-2.7.10
mbedtls-2.7.11
mbedtls-2.7.2
mbedtls-2.7.2-rc1
mbedtls-2.7.3
mbedtls-2.7.4
mbedtls-2.7.5
mbedtls-2.7.6
mbedtls-2.7.7
mbedtls-2.7.8
mbedtls-2.7.9
mbedtls-2.8.0
mbedtls-2.8.0-rc1
mbedtls-2.9.0
polarssl-1.*
polarssl-1.2.0
polarssl-1.2.1
polarssl-1.2.2
polarssl-1.2.3
polarssl-1.2.4
polarssl-1.2.5
polarssl-1.2.6
polarssl-1.3.0
polarssl-1.3.0-rc0
polarssl-1.3.1
polarssl-1.3.2
polarssl-1.3.3
polarssl-1.3.4
polarssl-1.3.5
polarssl-1.3.6
polarssl-1.3.7
polarssl-1.3.8
polarssl-1.3.9
yotta-2.*
yotta-2.2.1
yotta-2.2.2
yotta-2.2.3
yotta-2.3.0
yotta-2.3.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16910.json"