Описание
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.7.0-2 |
| cosmic | not-affected | 2.7.0-2 |
| devel | not-affected | 2.7.0-2 |
| disco | not-affected | 2.7.0-2 |
| eoan | not-affected | 2.7.0-2 |
| esm-apps/bionic | not-affected | 2.7.0-2 |
| esm-apps/xenial | released | 2.2.1-2ubuntu0.3 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needs-triage |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
7.5 High
CVSS2
9.8 Critical
CVSS3