Candidate: CVE-2018-9988
PublicDate: 2018-04-10 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9988
 https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
 https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
 https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
Description:
 ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer
 over-read in ssl_parse_server_key_exchange() that could cause a crash on
 invalid input.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_mbedtls:
upstream_mbedtls: released (2.8.0-1)
precise/esm_mbedtls: DNE
trusty_mbedtls: DNE
trusty/esm_mbedtls: DNE
xenial_mbedtls: ignored (end of standard support, was needed)
artful_mbedtls: ignored (reached end-of-life)
bionic_mbedtls: not-affected (2.8.0-1)
cosmic_mbedtls: ignored (reached end-of-life)
disco_mbedtls: not-affected (2.8.0-1)
eoan_mbedtls: not-affected (2.8.0-1)
focal_mbedtls: not-affected (2.8.0-1)
groovy_mbedtls: not-affected (2.8.0-1)
hirsute_mbedtls: not-affected (2.8.0-1)
impish_mbedtls: not-affected (2.8.0-1)
jammy_mbedtls: not-affected (2.8.0-1)
devel_mbedtls: not-affected (2.8.0-1)

Patches_polarssl:
upstream_polarssl: needs-triage
precise/esm_polarssl: DNE
trusty_polarssl: ignored (reached end-of-life)
trusty/esm_polarssl: DNE (trusty was needs-triage)
xenial_polarssl: DNE
artful_polarssl: DNE
bionic_polarssl: DNE
cosmic_polarssl: DNE
disco_polarssl: DNE
eoan_polarssl: DNE
focal_polarssl: DNE
groovy_polarssl: DNE
hirsute_polarssl: DNE
impish_polarssl: DNE
jammy_polarssl: DNE
devel_polarssl: DNE