PT-2018-2116 · Arm+1 · Mbed Tls+1

Adi Shamir

Publicado

2015-12-04

Atualizado

2026-06-05

CVE-2018-19608

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.14.1 Mbed TLS versions prior to 2.7.8 Mbed TLS versions prior to 2.1.17

Description The issue is related to a local synchronization problem during RSA decryption in Mbed TLS, allowing a local unprivileged attacker to recover the plaintext of RSA decryption. This affects RSA-without-(EC)DH(E) cipher suites. The vulnerability can be exploited to gain access to protected information.

Recommendations For versions prior to 2.14.1, update to version 2.14.1 or later. For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.1.17, update to version 2.1.17 or later.

Correção

Buffer Overflow

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-310CWE-269

Identificadores relacionados

ALT-PU-2015-2061

ALT-PU-2018-1495

BDU:2019-00068

CVE-2018-19608

MGASA-2019-0027

OPENSUSE-SU-2024:11043-1

Produtos afetados

Alt Linux

Mbed Tls

PT-2018-2116 · Arm+1 · Mbed Tls+1

CVE-2018-19608

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 26