CVE-2018-9988

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions mbed TLS versions prior to 2.1.11 mbed TLS versions prior to 2.7.2 mbed TLS versions prior to 2.8.0

Description The issue is related to a buffer over-read in the ssl parse server key exchange() function, which could cause a crash when handling invalid input.

Recommendations For versions prior to 2.1.11, update to version 2.1.11 or later. For versions prior to 2.7.2, update to version 2.7.2 or later. For versions prior to 2.8.0, update to version 2.8.0 or later.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2015-2061

ALT-PU-2018-1495

CVE-2018-9988

DLA-1518-1

DLA-2826-1

MGASA-2018-0253

OPENSUSE-SU-2018:1039-1

OPENSUSE-SU-2018:1041-1

Affected Products

Alt Linux

Mbed Tls

CVE-2018-9988

Weakness Enumeration

Related Identifiers

Affected Products

References · 25