CyberSec.Space Logo
Back to CVE Browser

CVE-2018-0488

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile22.04th
PublishedFeb 13, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Affected Platforms (CPE)

πŸ“¦
Arm

Mbed Tls

>= 1.3.0 and < 1.3.22
πŸ“¦
Arm

Mbed Tls

>= 2.1.0 and < 2.1.10
πŸ“¦
Arm

Mbed Tls

>= 2.2.0 and < 2.7.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/103057
πŸ”— https://security.gentoo.org/glsa/201804-19
πŸ”— https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
πŸ”— https://usn.ubuntu.com/4267-1/
πŸ”— https://www.debian.org/security/2018/dsa-4138
πŸ”— https://www.debian.org/security/2018/dsa-4147
πŸ”— http://www.securityfocus.com/bid/103057
πŸ”— https://security.gentoo.org/glsa/201804-19

Related Vulnerabilities

CVE-2021-447329.8

Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failu...

CVE-2018-04879.8

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2017-181879.8

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_...

CVE-2022-463939.8

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-b...

CVE-2018-0488 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space