ALT-PU-2015-2061-1
Closed vulnerabilities
BDU:2019-00068
Уязвимость реализации протоколов TLS и SSL программного обеспечения Mbed TLS, связанная с локальной синхронизацией при расшифровке RSA, позволяющая нарушителю получить доступ к защищаемой информации
Modified: 2024-11-21
CVE-2017-2784
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
- http://www.talosintelligence.com/reports/TALOS-2017-0274/
- http://www.talosintelligence.com/reports/TALOS-2017-0274/
- GLSA-201706-18
- GLSA-201706-18
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
Modified: 2024-11-21
CVE-2018-19608
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
- http://cat.eyalro.net/
- http://cat.eyalro.net/
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
- https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
Modified: 2024-11-21
CVE-2018-9988
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
- https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
- https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
- https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
- https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
- [debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
- [debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
Modified: 2024-11-21
CVE-2018-9989
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
- https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
- https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
- https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
- https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
- [debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
- [debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- [debian-lts-announce] 20211123 [SECURITY] [DLA 2826-1] mbedtls security update
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released