CVE-2018-0487
Published: 13 February 2018
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
Priority
High
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
mbedtls Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(2.7.0-2)
|
|
| cosmic |
Not vulnerable
(2.7.0-2)
|
|
| disco |
Not vulnerable
(2.7.0-2)
|
|
| eoan |
Not vulnerable
(2.7.0-2)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.7.0-2)
|
|
| xenial |
Released
(2.2.1-2ubuntu0.3)
|
|
|
polarssl Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was need-triage)
|
|
| upstream |
Released
(1.3.9-2.1+deb8u3)
|
|
| xenial |
Does not exist
|