CVE-2018-0487

9.8CRITICAL

Key Information

Vendor: Arm
Status: Arm Mbed Tls Before 1.3.22, Before 2.1.10, And Before 2.7.0
Vendor: CVE Published:; 13 February 2018

Summary

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Affected Version(s)

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 = ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Feb 13, 2018
Vulnerability Reserved.
Nov 27, 2017

Collectors

NVD DatabaseMitre Database