CVE-2018-0488 — Out-of-bounds Write in ARM Mbed TLS

CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

9.8CRITICALNVD

EPSS

3.6%

top 12.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbed Mbedtls ARM Mbed TLS Debian Linux

Timeline

PublishedFeb 13

Latest updateMay 13

Description

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDarm/mbed_tls1.3.0 — 1.3.22+2

▶Debianmbed/mbedtls< 2.7.0-2+3

▶Ubuntumbed/mbedtls< 2.2.1-2ubuntu0.3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-v4fr-5r8j-m454: ARM mbed TLS before 1↗2022-05-13

▶

OSV

mbedtls vulnerabilities↗2020-02-05

▶

OSV

CVE-2018-0488: ARM mbed TLS before 1↗2018-02-13

▶

CVEList

CVE-2018-0488: ARM mbed TLS before 1↗2018-02-13

▶

📋Vendor Advisories

Ubuntu

ARM mbed TLS vulnerabilities↗2020-02-05

▶

Debian

CVE-2018-0488: mbedtls - ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated ...↗2018

▶

📄Research Papers

arXiv

SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems↗2024-05-13

▶

💬Community

Bugzilla

CVE-2017-18187 CVE-2018-0487 CVE-2018-0488 mbedtls: various flaws [epel-all]↗2018-02-13

▶

Bugzilla

CVE-2018-0488 mbedtls: Risk of remote code execution when truncated HMAC is enabled↗2018-02-13

▶

Bugzilla

CVE-2017-18187 CVE-2018-0487 CVE-2018-0488 mbedtls: various flaws [fedora-all]↗2018-02-13

▶