Published: 28/07/2018 Updated: 10/02/2020

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

ARM mbed TLS prior to 2.12.0, prior to 2.7.5, and prior to 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
arm mbed tls
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #904821 mbedtls: CVE-2018-0497, CVE-2018-0498: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel Package: src:mbedtls; Maintainer for src:mbedtls is James Cowgill <jcowgill@debianorg>; Reported by: James Cowgill <jcowgill@debianorg> Date: Sat, 28 Jul 20 ...

Several security issues were fixed in mbedtls ...

Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks For the stable distribution (stretch), these problems have been fixed in version 242-1+deb9u3 We recommend that you upgrade your mbedtls packages For the detailed security status of mbedtls ...

NVD-CWE-noinfo https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 https://www.debian.org/security/2018/dsa-4296 https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html https://usn.ubuntu.com/4267-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904821 https://usn.ubuntu.com/4267-1/https://nvd.nist.gov

CVE-2018-0498

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect