Gentoo FoundationMGASA-2018-0253Updated mbedtls packages fix security issues
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.9%
CVE-2018-9988: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. CVE-2018-9989: ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 6 | noarch | bctoolbox | < 0.2.0-4.2 | bctoolbox-0.2.0-4.2.mga6 |
| Mageia | 6 | noarch | hiawatha | < 10.4-1.2 | hiawatha-10.4-1.2.mga6 |
| Mageia | 6 | noarch | mbedtls | < 2.7.3-1 | mbedtls-2.7.3-1.mga6 |
| Mageia | 6 | noarch | shadowsocks-libev | < 3.1.0-1.2 | shadowsocks-libev-3.1.0-1.2.mga6 |
| Mageia | 6 | noarch | dolphin-emu | < 5.0-5.2 | dolphin-emu-5.0-5.2.mga6.tainted |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.9%