PT-2018-8860 · Arm+2 · Mbed Tls+2

Publicado

2018-07-28

Atualizado

2020-02-10

CVE-2018-0497

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 2.12.0 mbed TLS versions prior to 2.7.5 mbed TLS versions prior to 2.1.14

Description The issue allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This is due to an incorrect fix for a previous issue, which involved a wrong SHA-384 calculation.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 or later. For versions prior to 2.7.5, update to version 2.7.5 or later. For versions prior to 2.1.14, update to version 2.1.14 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2019-1599

CVE-2018-0497

DLA-1518-1

DSA-4296-1

MGASA-2018-0432

USN-4267-1

Produtos afetados

Alt Linux

Ubuntu

Mbed Tls

PT-2018-8860 · Arm+2 · Mbed Tls+2

CVE-2018-0497

Identificadores relacionados

Produtos afetados

Referências · 43