High severity7.5NVD Advisory· Published Apr 10, 2018· Updated Jun 5, 2026

CVE-2018-9988

Description

A buffer over-read vulnerability in mbed TLS's ssl_parse_server_key_exchange() could cause a crash via crafted TLS handshake messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer over-read vulnerability in mbed TLS's ssl_parse_server_key_exchange() could cause a crash via crafted TLS handshake messages.

Vulnerability

ARM mbed TLS versions before 2.1.11, before 2.7.2, and before 2.8.0 contain a buffer over-read vulnerability in the ssl_parse_server_key_exchange() function. The issue arises from an incorrect bounds check: the code checks end != p + sig_len instead of p != end - sig_len, which can cause an arithmetic overflow and allow reading beyond the input buffer [1]. Additionally, a missing bounds check before reading the signature length (sig_len) can lead to a similar out-of-bounds read [2].

Exploitation

An unauthenticated attacker with network access can send a crafted TLS ServerKeyExchange message to trigger the over-read. No special privileges or user interaction are required. The attacker only needs to establish a TLS connection and send a malicious handshake message.

Impact

Successful exploitation results in a denial of service (crash) due to reading invalid memory. There is no evidence of code execution or information disclosure beyond potential memory corruption.

Mitigation

The vulnerability is fixed in mbed TLS versions 2.1.11, 2.7.2, and 2.8.0 [1][2]. Users should upgrade to these or later versions. No known workarounds exist for unpatched installations.

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Arm/MbedTLSllm-fuzzy2 versions
<2.1.11, <2.7.2, <2.8.0+ 1 more
- (no CPE)range: <2.1.11, <2.7.2, <2.8.0
- (no CPE)range: <2.1.11, <2.7.2, <2.8.0
osv-coords
pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2012
Range: < 1.3.19-14.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1nvdPatchThird Party Advisory
github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215nvdPatchThird Party Advisory
lists.debian.org/debian-lts-announce/2018/09/msg00029.htmlnvdMailing ListThird Party Advisory
lists.debian.org/debian-lts-announce/2021/11/msg00021.htmlnvdMailing ListThird Party Advisory
tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-releasednvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000