Lucene search
K
ArmMbed Crypto

4 matches found

CVE
CVE
added 2024/03/29 12:0 a.m.138 views

CVE-2024-28960

CVE-2024-28960 affects Mbed TLS 2.18.0–2.28.x (before 2.28.8) and Mbed TLS 3.x (before 3.6.0), and Mbed Crypto. The PSA Crypto API mishandles shared memory. Reported impact: high confidentiality impact, low integrity impact; exploitation context is not detailed in the provided documents. Public f...

8.2CVSS6.3AI score0.0084EPSS
CVE
CVE
added 2020/01/23 12:0 a.m.137 views

CVE-2019-18222

CVE-2019-18222 affects Arm Mbed Crypto 2.1 and Mbed TLS up to 2.19.1: the ECDSA implementation in ecdsa.c does not reduce the blinded scalar before the inverse, enabling local side-channel attacks to recover the private key. Several advisories report upstream fixes (e.g., 2.20.0, 3.0.1) and packa...

4.7CVSS4.6AI score0.00343EPSS
CVE
CVE
added 2019/09/26 12:0 a.m.121 views

CVE-2019-16910

Arm Mbed TLS prior to 2.19.0 and Arm Mbed Crypto prior to 2.0.0 are affected by CVE-2019-16910. When deterministic ECDSA is enabled, the RNG blinding uses insufficient entropy, enabling a side-channel based attack that could recover a private key if the same message is signed repeatedly. The issu...

5.3CVSS5.3AI score0.01773EPSS
CVE
CVE
added 2020/03/24 12:0 a.m.86 views

CVE-2020-10941

Summary: CVE-2020-10941 affects Arm Mbed TLS before 2.16.5, where an attacker could recover an RSA private key by measuring cache usage during import. The connected advisories confirm updated packages (e.g., 2.16.7) across distributions (e.g., Fedora/Debian), indicating remediation by upgrading t...

5.9CVSS5.5AI score0.0163EPSS