
CVE-2018-0497

Published: 28 July 2018

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC-based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

Priority: Medium

CVSS 3 base score: 5.9

Status

Package   Release   Status

mbedtls (Launchpad, Ubuntu, Debian)
          bionic    Needed
          cosmic    Not vulnerable (2.12.0-1)
          disco     Not vulnerable (2.12.0-1)
          eoan      Not vulnerable (2.12.0-1)
          focal     Not vulnerable (2.12.0-1)
          groovy    Not vulnerable (2.12.0-1)
          hirsute   Not vulnerable (2.12.0-1)
          impish    Not vulnerable (2.12.0-1)
          jammy     Not vulnerable (2.12.0-1)
          precise   Does not exist
          trusty    Does not exist
          upstream  Released (2.12.0-1)
          xenial    Released (2.2.1-2ubuntu0.3)

polarssl (Launchpad, Ubuntu, Debian)
          bionic    Does not exist
          cosmic    Does not exist
          disco     Does not exist
          eoan      Does not exist
          focal     Does not exist
          groovy    Does not exist
          hirsute   Does not exist
          impish    Does not exist
          jammy     Does not exist
          precise   Does not exist
          trusty    Does not exist (trusty was needs-triage)
          upstream  Released (1.3.9-2.1+deb8u4)
          xenial    Does not exist