CVE-2018-0497

5.9MEDIUM

Key Information

Vendor: Arm
Status: Arm Mbed Tls Before 2.12.0, Before 2.7.5, And Before 2.1.14
Vendor: CVE Published:; 28 July 2018

Summary

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

Affected Version(s)

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 = ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 28, 2018
Vulnerability Reserved.
Nov 27, 2017

Collectors

NVD DatabaseMitre Database