CVE-2018-19608
- Source
- https://cve.org/CVERecord?id=CVE-2018-19608
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19608.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-19608
- Downstream
- Related
- Published
- 2018-12-05T22:29:00.490Z
- Modified
- 2026-03-01T02:08:01.632205Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
- References
Affected packages
Git / github.com/armmbed/mbedtls
Affected versions
mbedos-16.*
mbedos-16.01-release
mbedos-16.03-release
Other
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2
mbedtls-2.*
mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.10
mbedtls-2.1.11
mbedtls-2.1.11-rc1
mbedtls-2.1.12
mbedtls-2.1.13
mbedtls-2.1.14
mbedtls-2.1.15
mbedtls-2.1.16
mbedtls-2.1.2
mbedtls-2.1.3
mbedtls-2.1.4
mbedtls-2.1.5
mbedtls-2.1.6
mbedtls-2.1.7
mbedtls-2.1.7-rc1
mbedtls-2.1.8
mbedtls-2.1.9
mbedtls-2.1.9-rc1
mbedtls-2.10.0
mbedtls-2.11.0
mbedtls-2.12.0
mbedtls-2.13.0
mbedtls-2.13.1
mbedtls-2.14.0
mbedtls-2.2.0
mbedtls-2.2.1
mbedtls-2.3.0
mbedtls-2.4.0
mbedtls-2.5.0
mbedtls-2.5.1
mbedtls-2.6.0
mbedtls-2.6.0-rc1
mbedtls-2.7.0
mbedtls-2.7.0-rc1
mbedtls-2.7.1
mbedtls-2.7.2
mbedtls-2.7.2-rc1
mbedtls-2.7.3
mbedtls-2.7.4
mbedtls-2.7.5
mbedtls-2.7.6
mbedtls-2.7.7
mbedtls-2.8.0
mbedtls-2.8.0-rc1
mbedtls-2.9.0
yotta-2.*
yotta-2.2.1
yotta-2.2.2
yotta-2.2.3
yotta-2.3.0
yotta-2.3.1