mbedtls

Description: Portable cryptographic and SSL/TLS library, aka polarssl
Version: 2.7.0-2 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-617 | 2.6.0-1 | 2.7.0-1 | High | Fixed | |
| AVG-198 | 2.4.0-1 | 2.4.2-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-0488 | AVG-617 | High | Yes | Arbitrary code execution | ARM mbed TLS before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2018-0487 | AVG-617 | High | Yes | Arbitrary code execution | ARM mbed TLS before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain... |
| CVE-2017-2784 | AVG-198 | Critical | Yes | Arbitrary code execution | A security issue has been found in mbed TLS < 2.4.2. If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 20 Mar 2017 | ASA-201703-16 | AVG-198 | Critical | arbitrary code execution |