CVE-2018-0498
published 2018-07-28
CVE-2018-0498: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a…
Priority P419 · medium · 4.7 · CVSS 3.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.37%
29.1th percentile
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | mbed_tls | < 2.1.14 | 2.1.14 |
| arm | mbed_tls | >= 2.2.0 < 2.7.5 | 2.7.5 |
| arm | mbed_tls | >= 2.8.0 < 2.12.0 | 2.12.0 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | mbedtls | < mbedtls 2.12.0-1 (bookworm) | mbedtls 2.12.0-1 (bookworm) |
| mbed | mbedtls | >= 0 < 2.12.0-1 | 2.12.0-1 |
| mbed | mbedtls | >= 0 < 2.12.0-1 | 2.12.0-1 |
| mbed | mbedtls | >= 0 < 2.12.0-1 | 2.12.0-1 |
| mbed | mbedtls | >= 0 < 2.12.0-1 | 2.12.0-1 |
| mbed | mbedtls | >= 0 < 2.2.1-2ubuntu0.3 | 2.2.1-2ubuntu0.3 |
CVSS provenance
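| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.7 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 4.7 | MEDIUM | — |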
GHSA
GHSA-f3f3-2pmh-mpg9: ARM mbed TLS before 2
ghsa_unreviewed·2022-05-13
CVE-2018-0498 [MEDIUM] GHSA-f3f3-2pmh-mpg9: ARM mbed TLS before 2
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
OSV
mbedtls vulnerabilities
osv·2020-02-05·CVSS 9.8
CVE-2017-18187 [CRITICAL] mbedtls vulnerabilities
mbedtls vulnerabilities
It was discovered that mbedtls has a bounds-check bypass through an integer
overflow that can be used by an attacker to execute arbitrary code or cause a
denial of service.
(CVE-2017-18187)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (buffer overflow)
via a crafted certificate chain that is mishandled during RSASSA-PSS
signature verification within a TLS or DTLS session.
(CVE-2018-0487)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (heap corruption) via a
crafted application packet within a TLS or DTLS session.
(CVE-2018-0488)
It was discovered that mbedtls has a vulnerability that allows remote
attac
OSV
CVE-2018-0498: ARM mbed TLS before 2
osv·2018-07-28·CVSS 4.7
CVE-2018-0498 [MEDIUM] CVE-2018-0498: ARM mbed TLS before 2
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Ubuntu
ARM mbed TLS vulnerabilities
vendor_ubuntu·2020-02-05·CVSS 9.8
CVE-2017-18187 [CRITICAL] ARM mbed TLS vulnerabilities
Title: ARM mbed TLS vulnerabilities
Summary: Several security issues were fixed in mbedtls.
It was discovered that mbedtls has a bounds-check bypass through an integer
overflow that can be used by an attacker to execute arbitrary code or cause a
denial of service.
(CVE-2017-18187)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (buffer overflow)
via a crafted certificate chain that is mishandled during RSASSA-PSS
signature verification within a TLS or DTLS session.
(CVE-2018-0487)
It was discovered that mbedtls has a vulnerability where an attacker could
execute arbitrary code or cause a denial of service (heap corruption) via a
crafted application packet within a TLS or DTLS session.
(CVE-2018-0488)
It was
Debian
CVE-2018-0498: mbedtls - ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users t...
vendor_debian·2018·CVSS 4.7
CVE-2018-0498 [MEDIUM] CVE-2018-0498: mbedtls - ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users t...
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Scope: local
bookworm: resolved (fixed in 2.12.0-1)
bullseye: resolved (fixed in 2.12.0-1)
forky: resolved (fixed in 2.12.0-1)
sid: resolved (fixed in 2.12.0-1)
trixie: resolved (fixed in 2.12.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release
bugzilla·2018-08-02·CVSS 2.6
CVE-2018-0498 [LOW] CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release
CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release
CVE-2018-0497
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote
attackers to achieve partial plaintext recovery (for a CBC based ciphersuite)
via a timing-based side-channel attack. This vulnerability exists because of an
incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
CVE-2018-0498
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users
to achieve partial plaintext recovery (for a CBC based ciphersuite) via a
cache-based side-channel attack.
References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
arXiv
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
arxiv_fulltext·2024-05-13
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
https://usn.ubuntu.com/4267-1/
https://www.debian.org/security/2018/dsa-4296
2018-07-28
Published