CVE-2018-9988

Published: Apr 10, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update

mailing-list

x_refsource_MLIST

https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215

x_refsource_CONFIRM

https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released

x_refsource_CONFIRM

https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1

x_refsource_CONFIRM

[debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-9988

Description

Affected Products

References