CVE-2018-0488

9.8CRITICAL

Key Information

Vendor: Arm
Status: Arm Mbed Tls Before 1.3.22, Before 2.1.10, And Before 2.7.0
Vendor: CVE Published:; 13 February 2018

Summary

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Affected Version(s)

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 = ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Feb 13, 2018
Vulnerability Reserved.
Nov 27, 2017

Collectors

NVD DatabaseMitre Database