CVE-2018-0488 Information
Feb 14, 2021
cve
Description
ARM mbed TLS before 1.3.22 before 2.1.10 and before 2.7.0 when the truncated HMAC extension and CBC are used allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103057 https://security.gentoo.org/glsa/201804-19 https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01 https://usn.ubuntu.com/4267-1/ https://www.debian.org/security/2018/dsa-4138 https://www.debian.org/security/2018/dsa-4147
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: