PT-2018-8861 · Arm+2 · Mbed Tls+2

Publicado

2018-07-28

Atualizado

2020-02-10

CVE-2018-0498

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 2.12.0 mbed TLS versions prior to 2.7.5 mbed TLS versions prior to 2.1.14

Description The issue allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 or later. For versions prior to 2.7.5, update to version 2.7.5 or later. For versions prior to 2.1.14, update to version 2.1.14 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2019-1599

CVE-2018-0498

DLA-1518-1

DSA-4296-1

MGASA-2018-0432

USN-4267-1

Produtos afetados

Alt Linux

Ubuntu

Mbed Tls

PT-2018-8861 · Arm+2 · Mbed Tls+2

CVE-2018-0498

Identificadores relacionados

Produtos afetados

Referências · 43