Search for packages
| purl | pkg:alpm/archlinux/mbedtls@2.16.5-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4y36-8tq3-abg6
Aliases: CVE-2020-10932 |
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-g7w2-d16t-8bd9 | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. |
CVE-2019-18222
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:59.936769+00:00 | Arch Linux Importer | Affected by | VCID-4y36-8tq3-abg6 | https://security.archlinux.org/AVG-1141 | 38.0.0 |
| 2026-04-01T18:25:52.232524+00:00 | Arch Linux Importer | Fixing | VCID-g7w2-d16t-8bd9 | https://security.archlinux.org/AVG-1104 | 38.0.0 |