VulnerableCode Package Details - pkg:deb/ubuntu/mbedtls@2.14.1-2

Search for packages

Package details: pkg:deb/ubuntu/mbedtls@2.14.1-2

Essentials
History (0)

purl	pkg:deb/ubuntu/mbedtls@2.14.1-2

Next non-vulnerable version	2.16.4-1ubuntu2
Latest non-vulnerable version	2.16.4-1ubuntu2
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-5kj3-xdpr-aaaf Aliases: CVE-2019-18222	The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-7mdz-n5xr-aaam Aliases: CVE-2019-16910	Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-sdw8-s8qf-aaac Aliases: CVE-2018-19608	Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version