The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS up to and including 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local malicious user to recover the private key via side-channel attacks.
| Vulnerable Product |
|---|
| arm mbed tls |
| arm mbed crypto |
| fedoraproject fedora 30 |
| fedoraproject fedora 31 |
| debian debian linux 10.0 |