Arm Mbed TLS prior to 2.19.0 and Arm Mbed Crypto prior to 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an malicious user to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arm mbed crypto |
||
arm mbed tls |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
debian debian linux 10.0 |