CVE-2018-0487
Published: 13 February 2018
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
mbedtls | artful | Ignored (reached end-of-life) |
mbedtls | bionic | Not vulnerable (2.7.0-2) |
mbedtls | cosmic | Not vulnerable (2.7.0-2) |
mbedtls | disco | Not vulnerable (2.7.0-2) |
mbedtls | eoan | Not vulnerable (2.7.0-2) |
mbedtls | precise | Does not exist |
mbedtls | trusty | Does not exist |
mbedtls | upstream | Released (2.7.0-2) |
mbedtls | xenial | Released (2.2.1-2ubuntu0.3) |
polarssl | artful | Does not exist |
polarssl | bionic | Does not exist |
polarssl | cosmic | Does not exist |
polarssl | disco | Does not exist |
polarssl | eoan | Does not exist |
polarssl | precise | Does not exist |
polarssl | trusty | Does not exist (trusty was need-triage) |
polarssl | upstream | Released (1.3.9-2.1+deb8u3) |
polarssl | xenial | Does not exist |