– Update to 2.16.3 – Side channel attack on deterministic ECDSA (CVE-2019-16910) Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.3-and-2.7.12-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2019-10
– Update to 2.16.3 – Side channel attack on deterministic ECDSA (CVE-2019-16910) Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.3-and-2.7.12-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2019-10
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary
59 queries. 8.5 mb Memory usage. 0.494 seconds.