CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type

GIT

Repo

https://github.com/armmbed/mbedtls

Events

Introduced

0a0c22e0efcf2f8f71d7e16712f80b8f77326f72

Fixed

85a5bbc24a9311431c665eaa02f5dee09689fa37

Introduced

32605dc83042d737e715a685e53176388d73540e

Fixed

2297157dd6236e4a5c2f46c84c401599ef639cf5

Introduced

556d7d9e3b09157555310466a47e25a9ebfd8f4e

Fixed

60fbd5bdf05c223b641677204469b53c2ff39d4e

Database specific

{
    "versions": [
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.17"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.8"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "fixed": "2.14.1"
        }
    ]
}

Affected versions

mbedtls-2.*

mbedtls-2.1.0

mbedtls-2.1.1

mbedtls-2.1.10

mbedtls-2.1.11

mbedtls-2.1.11-rc1

mbedtls-2.1.12

mbedtls-2.1.13

mbedtls-2.1.14

mbedtls-2.1.15

mbedtls-2.1.16

mbedtls-2.1.2

mbedtls-2.1.3

mbedtls-2.1.4

mbedtls-2.1.5

mbedtls-2.1.6

mbedtls-2.1.8

mbedtls-2.1.9

mbedtls-2.1.9-rc1

mbedtls-2.14.0

mbedtls-2.7.0

mbedtls-2.7.1

mbedtls-2.7.2

mbedtls-2.7.2-rc1

mbedtls-2.7.3

mbedtls-2.7.4

mbedtls-2.7.5

mbedtls-2.7.6

mbedtls-2.7.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19608.json"