Wind River Support Network

HomeDefectsLIN8-9576
Fixed

LIN8-9576 : Security Advisory - mbedtls - CVE-2018-0497

Created: Aug 1, 2018    Updated: Dec 21, 2018
Resolved Date: Oct 29, 2018
Found In Version: 8.0.0.26
Fix Version: 8.0.0.28
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube