rpm package
suse/mbedtls&distro=SUSE Package Hub 12
pkg:rpm/suse/mbedtls&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (7)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-9989 | High | 7.5 | | < 1.3.19-14.1 | 1.3.19-14.1 | Apr 10, 2018 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. |
| CVE-2018-9988 | High | 7.5 | | < 1.3.19-14.1 | 1.3.19-14.1 | Apr 10, 2018 | ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. |
| CVE-2017-18187 | — | — | | < 1.3.19-11.1 | 1.3.19-11.1 | Feb 14, 2018 | In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. |
| CVE-2018-0488 | — | — | | < 1.3.19-11.1 | 1.3.19-11.1 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. |
| CVE-2018-0487 | — | — | | < 1.3.19-11.1 | 1.3.19-11.1 | Feb 13, 2018 | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. |
| CVE-2017-14032 | High | 8.1 | | < 1.3.19-8.1 | 1.3.19-8.1 | Aug 30, 2017 | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped wi |
| CVE-2017-2784 | High | 8.1 | | < 1.3.19-5.1 | 1.3.19-5.1 | Apr 20, 2017 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack po |