CVE-2018-0488

Priority
Description
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the
truncated HMAC extension and CBC are used, allows remote attackers to
execute arbitrary code or cause a denial of service (heap corruption) via a
crafted application packet within a TLS or DTLS session.
Notes
Package
Upstream: released (2.7.0-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.2.1-2ubuntu0.3)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.7.0-2)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.7.0-2)
Ubuntu 20.04 (Focal Fossa): not-affected (2.7.0-2)
Package
Upstream: released (1.3.9-2.1+deb8u3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
More Information

Updated: 2020-02-06 16:15:44 UTC (commit 1c7e8723b79fd57b280f3a0eeda90c82f0a3889b)