Wind River Support Network

HomeDefectsLIN9-7255
Fixed

LIN9-7255 : Security Advisory - mbedtls - CVE-2018-0497

Created: Aug 1, 2018    Updated: Dec 23, 2018
Resolved Date: Oct 31, 2018
Found In Version: unknown
Fix Version: 9.0.0.19
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube