What is CVE-2019-16910?

CVE-2019-16910 is a medium-severity vulnerability in Arm Mbed_crypto. CVSS score: 5.3/10. Published 2019-09-26.

How severe is CVE-2019-16910?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Arm Mbed_crypto

CVE-2019-16910

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victi…

EPSS: 0.007 (71.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Arm Mbed_crypto
Arm Mbed_tls
Trustedfirmware Mbed_tls
Debian Debian_linux — versions 10.0
Fedoraproject Fedora — versions 29, 30, 31
N/a — versions n/a

References

cve@mitre.org (Vendor Advisory)
cve@mitre.org (vendor-advisory, Mailing List, Third Party Advisory)
cve@mitre.org (Patch)
cve@mitre.org (Patch)
cve@mitre.org (vendor-advisory, Mailing List, Third Party Advisory)
cve@mitre.org (vendor-advisory, Mailing List, Third Party Advisory)
cve@mitre.org (mailing-list, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2019-16910?: CVE-2019-16910 is a medium-severity vulnerability in Arm Mbed_crypto. CVSS score: 5.3/10. Published 2019-09-26.
How severe is CVE-2019-16910?: Medium severity. CVSS v3 base score is 5.3 out of 10.