VulnerableCode Package Details - pkg:alpm/archlinux/mbedtls@2.16.3-1

Search for packages

Package details: pkg:alpm/archlinux/mbedtls@2.16.3-1

Essentials
History (4)

purl	pkg:alpm/archlinux/mbedtls@2.16.3-1

Next non-vulnerable version	2.26.0-1
Latest non-vulnerable version	2.26.0-1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-5kj3-xdpr-aaaf Aliases: CVE-2019-18222	The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.	2.16.5-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:53.214741+00:00	Arch Linux Importer	Affected by	VCID-5kj3-xdpr-aaaf	https://security.archlinux.org/AVG-1104	36.0.0
2024-09-18T02:00:55.656488+00:00	Arch Linux Importer	Affected by	VCID-5kj3-xdpr-aaaf	https://security.archlinux.org/AVG-1104	34.0.1
2024-01-24T11:41:55.481707+00:00	Arch Linux Importer	Affected by	VCID-5kj3-xdpr-aaaf	https://security.archlinux.org/AVG-1104	34.0.0rc2
2024-01-03T22:27:12.644349+00:00	Arch Linux Importer	Affected by	VCID-5kj3-xdpr-aaaf	https://security.archlinux.org/AVG-1104	34.0.0rc1