AVG-1104 log
| Package | mbedtls |
| Status | Fixed |
| Severity | High |
| Type | private key recovery |
| Affected | 2.16.3-1 |
| Fixed | 2.16.5-1 |
| Current | 3.5.2-1 [extra] |
| Ticket | None |
| Created | Tue Feb 25 15:59:28 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-18222 | High | No | Private key recovery | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto before 3.0.1 and Mbed TLS before 2.20.0, 2.16.4 or 2.7.13 does not reduce the blinded... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 11 Mar 2020 | ASA-202003-7 | mbedtls | private key recovery |
| References |
|---|
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 |
| Notes |
|---|
Please take a look at https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 also, there was no CVE as of 2020/02/25 ;) |