Описание
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-0488
- https://security.gentoo.org/glsa/201804-19
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
- https://usn.ubuntu.com/4267-1
- https://www.debian.org/security/2018/dsa-4138
- https://www.debian.org/security/2018/dsa-4147
- http://www.securityfocus.com/bid/103057
Связанные уязвимости
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...