PT-2018-2116 · Arm+1 · Mbed Tls+1

Adi Shamir

Published

2015-12-04

Updated

2026-06-05

CVE-2018-19608

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.14.1 Mbed TLS versions prior to 2.7.8 Mbed TLS versions prior to 2.1.17

Description The issue is related to a local synchronization problem during RSA decryption in Mbed TLS, allowing a local unprivileged attacker to recover the plaintext of RSA decryption. This affects RSA-without-(EC)DH(E) cipher suites. The vulnerability can be exploited to gain access to protected information.

Recommendations For versions prior to 2.14.1, update to version 2.14.1 or later. For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.1.17, update to version 2.1.17 or later.

Fix

Buffer Overflow

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-310CWE-269

Related Identifiers

ALT-PU-2015-2061

ALT-PU-2018-1495

BDU:2019-00068

CVE-2018-19608

MGASA-2019-0027

OPENSUSE-SU-2024:11043-1

Affected Products

Alt Linux

Mbed Tls

PT-2018-2116 · Arm+1 · Mbed Tls+1

CVE-2018-19608

Weakness Enumeration

Related Identifiers

Affected Products

References · 26