CVE-2018-9988Out-of-bounds Read in ARM Mbed TLS

CWE-125Out-of-bounds Read5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 29.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mbed MbedtlsARM Mbed TLSDebian Linux
Timeline
PublishedApr 10
Latest updateMay 13

Description

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDarm/mbed_tls2.7.02.7.2+2
Debianmbed/mbedtls< 2.8.0-1+3

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-h9j8-4v77-hmr3: ARM mbed TLS before 22022-05-13
OSV
CVE-2018-9988: ARM mbed TLS before 22018-04-10
CVEList
CVE-2018-9988: ARM mbed TLS before 22018-04-10

📋Vendor Advisories

1
Debian
CVE-2018-9988: mbedtls - ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-rea...2018
CVE-2018-9988 — Out-of-bounds Read in ARM Mbed TLS | cvebase