CVE-2018-0487

Published: 13 February 2018

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Priority

High

CVSS 3 base score: 9.8

Status

Package: mbedtls (Launchpad, Ubuntu, Debian)

Release     Status
artful      Ignored (reached end-of-life)
bionic      Not vulnerable (2.7.0-2)
cosmic      Not vulnerable (2.7.0-2)
disco       Not vulnerable (2.7.0-2)
eoan        Not vulnerable (2.7.0-2)
precise     Does not exist
trusty      Does not exist
upstream    Released (2.7.0-2)
xenial      Released (2.2.1-2ubuntu0.3)

Package: polarssl (Launchpad, Ubuntu, Debian)

Release     Status
artful      Does not exist
bionic      Does not exist
cosmic      Does not exist
disco       Does not exist
eoan        Does not exist
precise     Does not exist
trusty      Does not exist (trusty was need-triage)
upstream    Released (1.3.9-2.1+deb8u3)
xenial      Does not exist