Lucene search

CVE-2018-0497

🗓️ 28 Jul 2018 17:00:29Reported by debianType

ARM mbed TLS before 2.12.0 allows remote attackers to achieve partial plaintext recovery via a timing-based side-channel attack.

Reporter	Title	Published	Views	Family All 199
Prion	Code injection	28 Jul 201817:29	–	prion
Prion	Design/Logic Flaw	8 Feb 201319:55	–	prion
Prion	Design/Logic Flaw	5 May 201601:59	–	prion
Prion	Design/Logic Flaw	8 Feb 201319:55	–	prion
Prion	Design/Logic Flaw	8 Feb 201319:55	–	prion
Prion	Design/Logic Flaw	3 Jul 201318:55	–	prion
Prion	Design/Logic Flaw	8 Feb 201319:55	–	prion
Prion	Design/Logic Flaw	8 Feb 201319:55	–	prion
Prion	Code injection	8 Feb 201319:55	–	prion
Debian CVE	CVE-2018-0497	28 Jul 201817:29	–	debiancve

Nvd

Node

arm mbed_tlsRange<2.1.14

arm mbed_tlsRange2.2.0–2.7.5

arm mbed_tlsRange2.8.0–2.12.0

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

[
  {
    "product": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14"
      }
    ]
  }
]

Source	Link
tls	www.tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
lists	www.lists.debian.org/debian-lts-announce/2018/09/msg00029.html
usn	www.usn.ubuntu.com/4267-1/
debian	www.debian.org/security/2018/dsa-4296

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jul 2018 17:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

CVSS35.9

EPSS0.0149