What is CVE-2018-9988?

CVE-2018-9988 is a vulnerability in ARM mbed TLS before versions 2.1.11, 2.7.2, and 2.8.0 that could cause a crash on invalid input due to a buffer over-read in ssl_parse_server_key_exchange().

How severe is CVE-2018-9988?

CVE-2018-9988 has a severity score of 7.5 (high).

What software is affected by CVE-2018-9988?

ARM mbed TLS versions before 2.1.11, before 2.7.2, and before 2.8.0 are affected, as well as Debian Debian Linux 8.0 and 9.0.

How can CVE-2018-9988 be fixed?

To fix CVE-2018-9988, users should update to ARM mbed TLS version 2.1.11, 2.7.2, or 2.8.0, or apply the appropriate patches provided by the vendor.

Where can I find more information about CVE-2018-9988?

More information about CVE-2018-9988 can be found in the following references: [Link 1](https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1), [Link 2](https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215), [Link 3](https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html)

Vulnerability/
CVE-2018-9988

high

7.5

CWE

125

10/4/2018

5/8/2024

CVE-2018-9988

First published: Tue Apr 10 2018(Updated: )

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ARM mbed TLS	<2.1.11
ARM mbed TLS	>=2.7.0<2.7.2
ARM mbed TLS	=2.8.0-rc1
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0

Remedy

https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1

Remedy

https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-9988?
CVE-2018-9988 is a vulnerability in ARM mbed TLS before versions 2.1.11, 2.7.2, and 2.8.0 that could cause a crash on invalid input due to a buffer over-read in ssl_parse_server_key_exchange().
How severe is CVE-2018-9988?
CVE-2018-9988 has a severity score of 7.5 (high).
What software is affected by CVE-2018-9988?
ARM mbed TLS versions before 2.1.11, before 2.7.2, and before 2.8.0 are affected, as well as Debian Debian Linux 8.0 and 9.0.
How can CVE-2018-9988 be fixed?
To fix CVE-2018-9988, users should update to ARM mbed TLS version 2.1.11, 2.7.2, or 2.8.0, or apply the appropriate patches provided by the vendor.
Where can I find more information about CVE-2018-9988?
More information about CVE-2018-9988 can be found in the following references: [Link 1](https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1), [Link 2](https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215), [Link 3](https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html)

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/remedy
agent/tags
collector/mitre-cve
source/MITRE
vendor/arm
canonical/arm mbed tls
version/arm mbed tls/2.7.0
version/arm mbed tls/2.8.0-rc1
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.