CVE-2018-9988
10.04.2018, 19:29
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.Enginsight
| Vendor | Product | Version |
|---|---|---|
| arm | mbed_tls | 𝑥 < 2.1.11 |
| arm | mbed_tls | 2.7.0 ≤ 𝑥 < 2.7.2 |
| arm | mbed_tls | 2.8.0:rc1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| mbedtls |
| ||||||||||||||||||||||||||||||||
| polarssl |
|
Common Weakness Enumeration
References