CVE-2018-0498

4.7MEDIUM

Key Information

Vendor: Arm
Status: Arm Mbed Tls Before 2.12.0, Before 2.7.5, And Before 2.1.14
Vendor: CVE Published:; 28 July 2018

Summary

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

Affected Version(s)

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 = ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 28, 2018
Vulnerability Reserved.
Nov 27, 2017

Collectors

NVD DatabaseMitre Database