ID CVE-2018-9988
Description ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
CVSS (v2 base metrics)
  • Score: 5.0
  • Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Availability: PARTIAL
  • Confidentiality: not affected
  • Integrity: not affected
CWE-ID CWE-119
Last Modified Sept. 26, 2018
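Available Solutions Apply upgrade of mbed TLS to at least version 2.1.11
Apply upgrade of mbed TLS to at least version 2.8.0
Note: the description also gives 2.7.2 as the fixed release for the 2.7 branch. A 2.7.0 or 2.7.1 installation is numerically above 2.1.11 but is still listed as affected, so it needs 2.7.2 (or 2.8.0 or later) rather than being treated as already covered by the 2.1.11 threshold.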

CPE-ID

Application Name/CPE-ID | Vendor | Product | Version | List of Vulnerabilities
Arm Mbed_tls 1.3.0 arm mbed tls 1.3.0 5 Vulnerabilties for Arm Mbed_tls 1.3.0
Arm Mbed_tls 1.3.1 arm mbed tls 1.3.1 5 Vulnerabilties for Arm Mbed_tls 1.3.1
Arm Mbed_tls 1.3.10 arm mbed tls 1.3.10 7 Vulnerabilties for Arm Mbed_tls 1.3.10
Arm Mbed_tls 1.3.11 arm mbed tls 1.3.11 7 Vulnerabilties for Arm Mbed_tls 1.3.11
Arm Mbed_tls 1.3.12 arm mbed tls 1.3.12 7 Vulnerabilties for Arm Mbed_tls 1.3.12
Arm Mbed_tls 1.3.13 arm mbed tls 1.3.13 9 Vulnerabilties for Arm Mbed_tls 1.3.13
Arm Mbed_tls 1.3.14 arm mbed tls 1.3.14 7 Vulnerabilties for Arm Mbed_tls 1.3.14
Arm Mbed_tls 1.3.15 arm mbed tls 1.3.15 7 Vulnerabilties for Arm Mbed_tls 1.3.15
Arm Mbed_tls 1.3.16 arm mbed tls 1.3.16 7 Vulnerabilties for Arm Mbed_tls 1.3.16
Arm Mbed_tls 1.3.17 arm mbed tls 1.3.17 7 Vulnerabilties for Arm Mbed_tls 1.3.17
Arm Mbed_tls 1.3.18 arm mbed tls 1.3.18 8 Vulnerabilties for Arm Mbed_tls 1.3.18
Arm Mbed_tls 1.3.19 arm mbed tls 1.3.19 7 Vulnerabilties for Arm Mbed_tls 1.3.19
Arm Mbed_tls 1.3.19 rc1 arm mbed tls 1.3.19 rc1 6 Vulnerabilties for Arm Mbed_tls 1.3.19 rc1
Arm Mbed_tls 1.3.2 arm mbed tls 1.3.2 5 Vulnerabilties for Arm Mbed_tls 1.3.2
Arm Mbed_tls 1.3.20 arm mbed tls 1.3.20 7 Vulnerabilties for Arm Mbed_tls 1.3.20
Arm Mbed_tls 1.3.21 arm mbed tls 1.3.21 7 Vulnerabilties for Arm Mbed_tls 1.3.21
Arm Mbed_tls 1.3.21 rc1 arm mbed tls 1.3.21 rc1 6 Vulnerabilties for Arm Mbed_tls 1.3.21 rc1
Arm Mbed_tls 1.3.22 arm mbed tls 1.3.22 4 Vulnerabilties for Arm Mbed_tls 1.3.22
Arm Mbed_tls 1.3.22 rc1 arm mbed tls 1.3.22 rc1 4 Vulnerabilties for Arm Mbed_tls 1.3.22 rc1
Arm Mbed_tls 1.3.3 arm mbed tls 1.3.3 5 Vulnerabilties for Arm Mbed_tls 1.3.3
Arm Mbed_tls 1.3.4 arm mbed tls 1.3.4 5 Vulnerabilties for Arm Mbed_tls 1.3.4
Arm Mbed_tls 1.3.5 arm mbed tls 1.3.5 5 Vulnerabilties for Arm Mbed_tls 1.3.5
Arm Mbed_tls 1.3.6 arm mbed tls 1.3.6 5 Vulnerabilties for Arm Mbed_tls 1.3.6
Arm Mbed_tls 1.3.7 arm mbed tls 1.3.7 5 Vulnerabilties for Arm Mbed_tls 1.3.7
Arm Mbed_tls 1.3.8 arm mbed tls 1.3.8 6 Vulnerabilties for Arm Mbed_tls 1.3.8
Arm Mbed_tls 1.3.9 arm mbed tls 1.3.9 6 Vulnerabilties for Arm Mbed_tls 1.3.9
Arm Mbed_tls 2.0.0 arm mbed tls 2.0.0 6 Vulnerabilties for Arm Mbed_tls 2.0.0
Arm Mbed_tls 2.1.0 arm mbed tls 2.1.0 8 Vulnerabilties for Arm Mbed_tls 2.1.0
Arm Mbed_tls 2.1.1 arm mbed tls 2.1.1 10 Vulnerabilties for Arm Mbed_tls 2.1.1
Arm Mbed_tls 2.1.10 arm mbed tls 2.1.10 4 Vulnerabilties for Arm Mbed_tls 2.1.10
Arm Mbed_tls 2.1.10 rc1 arm mbed tls 2.1.10 rc1 4 Vulnerabilties for Arm Mbed_tls 2.1.10 rc1
Arm Mbed_tls 2.1.2 arm mbed tls 2.1.2 8 Vulnerabilties for Arm Mbed_tls 2.1.2
Arm Mbed_tls 2.1.3 arm mbed tls 2.1.3 8 Vulnerabilties for Arm Mbed_tls 2.1.3
Arm Mbed_tls 2.1.4 arm mbed tls 2.1.4 8 Vulnerabilties for Arm Mbed_tls 2.1.4
Arm Mbed_tls 2.1.5 arm mbed tls 2.1.5 8 Vulnerabilties for Arm Mbed_tls 2.1.5
Arm Mbed_tls 2.1.6 arm mbed tls 2.1.6 8 Vulnerabilties for Arm Mbed_tls 2.1.6
Arm Mbed_tls 2.1.7 arm mbed tls 2.1.7 7 Vulnerabilties for Arm Mbed_tls 2.1.7
Arm Mbed_tls 2.1.7 rc1 arm mbed tls 2.1.7 rc1 6 Vulnerabilties for Arm Mbed_tls 2.1.7 rc1
Arm Mbed_tls 2.1.8 arm mbed tls 2.1.8 7 Vulnerabilties for Arm Mbed_tls 2.1.8
Arm Mbed_tls 2.1.9 arm mbed tls 2.1.9 7 Vulnerabilties for Arm Mbed_tls 2.1.9
Arm Mbed_tls 2.1.9 rc1 arm mbed tls 2.1.9 rc1 6 Vulnerabilties for Arm Mbed_tls 2.1.9 rc1
Arm Mbed_tls 2.7.0 arm mbed tls 2.7.0 5 Vulnerabilties for Arm Mbed_tls 2.7.0
Arm Mbed_tls 2.7.0 rc1 arm mbed tls 2.7.0 rc1 4 Vulnerabilties for Arm Mbed_tls 2.7.0 rc1
Arm Mbed_tls 2.7.1 arm mbed tls 2.7.1 4 Vulnerabilties for Arm Mbed_tls 2.7.1
Arm Mbed_tls 2.8.0 rc1 arm mbed tls 2.8.0 rc1 4 Vulnerabilties for Arm Mbed_tls 2.8.0 rc1
Similar vulnerabilities

Pre-Condition

<!-- Pre-condition for CVE-2018-9988: every direct child of this "and" set must hold
     for the vulnerability to be considered applicable. -->
<set operator="and">
  <!-- Affected application: matches if ANY one of the enumerated mbed TLS CPE names
       (CPE 2.2 URI form, cpe:/a:vendor:product:version[:update]) is present.
       This is an explicit enumeration, not a version range. The advisory text for this
       CVE gives 2.1.11, 2.7.2 and 2.8.0 as the fixed releases, so a build that is not
       listed here should be compared against those versions rather than assumed
       unaffected. -->
  <set operator="or">
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.2"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.3"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.4"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.5"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.6"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.7"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.8"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.9"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.10"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.11"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.12"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.13"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.14"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.15"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.16"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.17"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.18"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.19"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.19:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.20"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.21"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.21:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.22"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.22:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.0.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.2"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.3"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.4"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.5"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.6"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.7"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.7:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.8"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.9"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.9:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.10"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.10:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.0:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.8.0:rc1"/>
  </set>
    <!-- NOTE(review): program_influence = input presumably means the flaw is reached by
         supplying input to the program, which fits the advisory wording "crash on invalid
         input". Confirm against the schema of the tool that consumes this record. -->
    <prop key="program_influence" value="input"/>
    <!-- range = remote is consistent with the AV:N (network) component of the CVSS vector
         published for this CVE. -->
    <prop key="range" value="remote"/>
</set>

								

Post-Condition

<!-- Post-condition for CVE-2018-9988: every direct child of this "and" set is asserted
     as the resulting state. The application list is the same enumeration of mbed TLS
     CPE names used in the pre-condition of this record. -->
<set operator="and">
  <!-- Application concerned: any one of the enumerated mbed TLS CPE names (CPE 2.2 URI
       form). The enumeration is a snapshot, not a range; the advisory text for this CVE
       names 2.1.11, 2.7.2 and 2.8.0 as the fixed releases, so unlisted builds should be
       compared against those versions. -->
  <set operator="or">
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.2"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.3"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.4"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.5"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.6"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.7"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.8"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.9"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.10"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.11"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.12"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.13"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.14"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.15"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.16"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.17"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.18"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.19"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.19:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.20"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.21"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.21:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.22"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:1.3.22:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.0.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.2"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.3"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.4"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.5"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.6"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.7"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.7:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.8"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.9"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.9:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.10"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.1.10:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.0"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.0:rc1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.7.1"/>
      <prop key="application" value="cpe:/a:arm:mbed_tls:2.8.0:rc1"/>
  </set>
  <!-- Resulting influence on the program: either of the two values below.
       NOTE(review): "existence" presumably denotes an effect on the program continuing
       to run, which would match the crash described in the advisory and the A:P
       (partial availability) component of the CVSS vector; the vector reports no
       confidentiality or integrity impact. Confirm the meaning of both values against
       the schema of the consuming tool. -->
  <set operator="or">
      <prop key="program_influence" value="input"/>
      <prop key="program_influence" value="existence"/>
  </set>
    <!-- range = remote is consistent with the AV:N (network) component of the CVSS vector
         published for this CVE. -->
    <prop key="range" value="remote"/>
</set>