CVE-2018-0497 — ARM Mbed TLS vulnerability
8 documents7 sources
Severity
5.9MEDIUMNVD
CNA2.6OSV9.8OSV2.6
EPSS
0.3%
top 44.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 28
Latest updateMay 13
Description
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages3 packages
Also affects: Debian Linux 8.0, 9.0