CVE-2018-0497
Published: 2018-07-28
Priority: P4 33 · medium · CVSS 3.0 base score 5.9 (AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N)
EPSS: 2.67% (83.9th percentile)
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
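The mechanism behind that one-line description, as an added model written for this page (it is not mbed TLS's own code, which is not reproduced here): a Lucky 13 countermeasure hashes the record that survives padding removal and then performs extra dummy compression-function calls so that the total work matches what the longest possible plaintext would have cost, making MAC-check time independent of the padding length. That arithmetic depends on the hash's block size and length-field width. SHA-1 and SHA-256 use 64-byte blocks with an 8-byte length; SHA-384 uses 128-byte blocks with a 16-byte length. The block below counts compression calls per record and shows that a formula hard-wired to 64/8 keeps the work constant across padding lengths for HMAC-SHA256 but not for HMAC-SHA384, which is the shape of leak the description calls a "wrong SHA-384 calculation". The 13-byte TLS MAC header and the 64/8 constants are assumptions about the countermeasure's form taken from the Lucky 13 literature, not figures quoted from the advisory.

```c
#include <stddef.h>
#include <stdio.h>

/* TLS MAC input prefix: seq_num(8) + type(1) + version(2) + length(2).
 * Assumed from the TLS record layer, not from the advisory text. */
#define TLS_MAC_HEADER_LEN 13

/* Merkle-Damgard parameters that matter for the compression count. */
typedef struct {
    const char *name;
    size_t block_len;   /* bytes per compression-function input block */
    size_t len_field;   /* bytes of the trailing message-length encoding */
} md_params;

static const md_params SHA256_PARAMS = { "SHA-256", 64, 8 };
static const md_params SHA384_PARAMS = { "SHA-384", 128, 16 };

/* Compression-function calls needed to hash `len` bytes:
 * message + 0x80 + zero padding + length field, rounded up to whole blocks. */
size_t md_compressions(size_t len, const md_params *md)
{
    return (len + md->len_field) / md->block_len + 1;
}

/* Lucky 13 style countermeasure: dummy compressions needed so that hashing
 * `msglen` bytes costs the same as hashing the longest plaintext the record
 * could have carried (msglen + padlen, i.e. padding length zero). */
size_t extra_run_generic(size_t msglen, size_t padlen, const md_params *md)
{
    return md_compressions(TLS_MAC_HEADER_LEN + msglen + padlen, md)
         - md_compressions(TLS_MAC_HEADER_LEN + msglen, md);
}

/* The same computation with 64-byte blocks and an 8-byte length field
 * hard-wired: correct for MD5/SHA-1/SHA-256, wrong for SHA-384. */
size_t extra_run_assume_64(size_t msglen, size_t padlen)
{
    return extra_run_generic(msglen, padlen, &SHA256_PARAMS);
}

/* Total compression calls spent verifying the MAC of one record. */
size_t mac_work(size_t msglen, size_t padlen, const md_params *md, int use_64_formula)
{
    size_t extra = use_64_formula ? extra_run_assume_64(msglen, padlen)
                                  : extra_run_generic(msglen, padlen, md);
    return md_compressions(TLS_MAC_HEADER_LEN + msglen, md) + extra;
}

/* Sweep every padding length for a fixed decrypted size (plaintext + pad)
 * and count how many distinct work values appear. 1 means padding-independent;
 * anything larger is a timing signal an attacker can measure. */
size_t distinct_work_values(size_t plain_plus_pad, const md_params *md, int use_64_formula)
{
    size_t seen[64];
    size_t n = 0;
    for (size_t padlen = 0; padlen <= plain_plus_pad && padlen <= 255; padlen++) {
        size_t w = mac_work(plain_plus_pad - padlen, padlen, md, use_64_formula);
        size_t i;
        for (i = 0; i < n; i++)
            if (seen[i] == w)
                break;
        if (i == n && n < 64)
            seen[n++] = w;
    }
    return n;
}

int main(void)
{
    const size_t total = 200; /* constructed record size: plaintext + padding bytes */
    printf("%s, 64/8 formula: %zu distinct work value(s)\n",
           SHA256_PARAMS.name, distinct_work_values(total, &SHA256_PARAMS, 1));
    printf("%s, 64/8 formula: %zu distinct work value(s)\n",
           SHA384_PARAMS.name, distinct_work_values(total, &SHA384_PARAMS, 1));
    printf("%s, 128/16 formula: %zu distinct work value(s)\n",
           SHA384_PARAMS.name, distinct_work_values(total, &SHA384_PARAMS, 0));
    return 0;
}
```

Build with `cc -std=c99 lucky13_model.c && ./a.out`. With a 200-byte decrypted record, the 64/8 formula yields one work value for SHA-256 but several for SHA-384 (for example 2 compressions when the padding is 0 bytes and 4 when it is 100 bytes), while the 128/16 formula brings SHA-384 back to a single value. Note that constant compression counts are only the first requirement; the real code must also avoid data-dependent branches and memory accesses when locating the MAC in the decrypted buffer.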
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | < 2.1.14 | 2.1.14 |
| arm | mbed_tls | >= 2.2.0, < 2.7.5 | 2.7.5 |
| arm | mbed_tls | >= 2.8.0, < 2.12.0 | 2.12.0 |
| debian | mbedtls (bookworm, bullseye, trixie, forky, sid) | < 2.12.0-1 | 2.12.0-1 |
| ubuntu | mbedtls | < 2.2.1-2ubuntu0.3 | 2.2.1-2ubuntu0.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 2.6 | LOW | — |
The 9.8 from OSV and Ubuntu is inherited from the multi-CVE advisory (USN-4267-1, headlined by CVE-2017-18187) that also lists this issue; it does not rate the side channel itself. NVD's 5.9 (network, high attack complexity, confidentiality impact only) and Debian's 2.6 are the scores that describe this timing attack.
GHSA
GHSA-pxhv-jv3r-8j7f: CVE-2018-0497 [LOW] (ghsa_unreviewed · 2022-05-13 · CVSS 2.6)
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
OSV
mbedtls vulnerabilities (osv · 2020-02-05 · CVSS 9.8, headlined by CVE-2017-18187 [CRITICAL])
It was discovered that mbedtls has a bounds-check bypass through an integer
overflow that can be used by an attacker to execute arbitrary code or cause a
denial of service.
(CVE-2017-18187)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (buffer overflow)
via a crafted certificate chain that is mishandled during RSASSA-PSS
signature verification within a TLS or DTLS session.
(CVE-2018-0487)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (heap corruption) via a
crafted application packet within a TLS or DTLS session.
(CVE-2018-0488)
It was discovered that mbedtls has a vulnerability that allows remote
attac
OSV
CVE-2018-0497 [LOW] (osv · 2018-07-28 · CVSS 2.6)
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
Ubuntu
ARM mbed TLS vulnerabilities (vendor_ubuntu · 2020-02-05 · CVSS 9.8, headlined by CVE-2017-18187 [CRITICAL])
Title: ARM mbed TLS vulnerabilities
Summary: Several security issues were fixed in mbedtls.
It was discovered that mbedtls has a bounds-check bypass through an integer
overflow that can be used by an attacker to execute arbitrary code or cause a
denial of service.
(CVE-2017-18187)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (buffer overflow)
via a crafted certificate chain that is mishandled during RSASSA-PSS
signature verification within a TLS or DTLS session.
(CVE-2018-0487)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (heap corruption) via a
crafted application packet within a TLS or DTLS session.
(CVE-2018-0488)
It was
Debian
CVE-2018-0497 [LOW]: mbedtls (vendor_debian · 2018 · CVSS 2.6)
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
Scope: local
bookworm: resolved (fixed in 2.12.0-1)
bullseye: resolved (fixed in 2.12.0-1)
forky: resolved (fixed in 2.12.0-1)
sid: resolved (fixed in 2.12.0-1)
trixie: resolved (fixed in 2.12.0-1)
No detection rules found.
No public exploits indexed.
References
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
- https://www.debian.org/security/2018/dsa-4296
- https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
- https://usn.ubuntu.com/4267-1/