CVE-2018-0488
N/A
N/A
Summary
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 | affected |
Weaknesses
- heap corruption
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103057
- https://www.debian.org/security/2018/dsa-4147
- https://www.debian.org/security/2018/dsa-4138
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
- https://security.gentoo.org/glsa/201804-19
- https://usn.ubuntu.com/4267-1/
References
- http://www.securityfocus.com/bid/103057
- https://www.debian.org/security/2018/dsa-4147
- https://www.debian.org/security/2018/dsa-4138
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
- https://security.gentoo.org/glsa/201804-19
- https://usn.ubuntu.com/4267-1/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.