FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mbed TLS -- Side channel attack on ECDSA

Affected packages
mbedtls < 2.16.4

Details

VuXML ID b70b880f-5727-11ea-a2f3-001cc0382b2f
Discovery 2019-10-25
Entry 2020-02-24

Janos Follath reports:

Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key.

References

CVE Name CVE-2019-18222
URL https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12