FreeBSD: VID-b70b880f-5727-11ea-a2f3-001cc0382b2f (CVE-2019-18222): Mbed TLS -- Side channel attack on ECDSA

Severity: 2
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published: Feb 24, 2020
Added: Dec 10, 2025
Modified: Dec 10, 2025

Description

Janos Follath reports: Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it (as it is smaller than RSA keys and not guaranteed to have only large prime factors), and then, by brute force, recover the key.

Solution

freebsd-upgrade-package-mbedtls