PT-2018-8854 · Arm+2 · Mbed Tls+2

Publicado

2015-07-29

Atualizado

2024-06-15

CVE-2018-0488

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 1.3.22 mbed TLS versions prior to 2.1.10 mbed TLS versions prior to 2.7.0

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in heap corruption, via a crafted application packet within a TLS or DTLS session when the truncated HMAC extension and CBC are used.

Recommendations For versions prior to 1.3.22, update to version 1.3.22 or later. For versions prior to 2.1.10, update to version 2.1.10 or later. For versions prior to 2.7.0, update to version 2.7.0 or later.

Correção

RCE

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2015-1643

ALT-PU-2018-1396

CVE-2018-0488

DSA-4138-1

DSA-4147-1

MGASA-2018-0163

OPENSUSE-SU-2018:0488-1

OPENSUSE-SU-2018:0491-1

OPENSUSE-SU-2024:11043-1

USN-4267-1

Produtos afetados

Alt Linux

Ubuntu

Mbed Tls

PT-2018-8854 · Arm+2 · Mbed Tls+2

CVE-2018-0488

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54