AVG-617

Package mbedtls
Status Fixed
Severity High
Type arbitrary code execution
Affected 2.6.0-1
Fixed 2.7.0-1
Current 2.16.0-1 [community]
Ticket None
Created Thu Feb 15 23:23:46 2018
Issue Severity Remote Type Description
CVE-2018-0488 High Yes Arbitrary code execution
ARM mbed TLS before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2018-0487 High Yes Arbitrary code execution
ARM mbed TLS before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain...
Date Advisory Package Description
24 Feb 2018 ASA-201802-15 mbedtls arbitrary code execution