VulnerableCode Package Details - pkg:deb/ubuntu/mbedtls@2.8.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-3s5y-zubs-aaab Aliases: CVE-2018-0498	ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.	2.12.0-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5kj3-xdpr-aaaf Aliases: CVE-2019-18222	The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-7mdz-n5xr-aaam Aliases: CVE-2019-16910	Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-j24c-3huf-aaah Aliases: CVE-2018-0497	ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.	2.12.0-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sdw8-s8qf-aaac Aliases: CVE-2018-19608	Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.	2.16.4-1ubuntu2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3s5y-zubs-aaab
Aliases:
CVE-2018-0498

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

2.12.0-1
Affected by 3 other vulnerabilities.

VCID-5kj3-xdpr-aaaf
Aliases:
CVE-2019-18222

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.

2.16.4-1ubuntu2
Affected by 0 other vulnerabilities.

VCID-7mdz-n5xr-aaam
Aliases:
CVE-2019-16910

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)

2.16.4-1ubuntu2
Affected by 0 other vulnerabilities.

VCID-j24c-3huf-aaah
Aliases:
CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

2.12.0-1
Affected by 3 other vulnerabilities.

VCID-sdw8-s8qf-aaac
Aliases:
CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

2.16.4-1ubuntu2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3bwz-revc-aaab	In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.	CVE-2017-18187
VCID-pzw4-3yg7-aaae	ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.	CVE-2018-9989
VCID-swp4-9rhk-aaaf	ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.	CVE-2018-9988

Vulnerability

Summary

Aliases

VCID-3bwz-revc-aaab

In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.

CVE-2017-18187

VCID-pzw4-3yg7-aaae

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

CVE-2018-9989

VCID-swp4-9rhk-aaaf

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

CVE-2018-9988

Next non-vulnerable version	2.16.4-1ubuntu2
Latest non-vulnerable version	2.16.4-1ubuntu2
Risk	4.0