– Update to 2.16.3 – Side channel attack on deterministic ECDSA (CVE-2019-16910) Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.3-and-2.7.12-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2019-10
Archive for October 6th, 2019
3 results.
Comment
– Update to 2.16.3 – Side channel attack on deterministic ECDSA (CVE-2019-16910) Release notes: https://tls.mbed.org/tech- updates/releases/mbedtls-2.16.3-and-2.7.12-released Security Advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security- advisory-2019-10
It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary