What is CVE-2018-9989?

CVE-2018-9989 is a vulnerability in ARM mbed TLS before version 2.1.11, before version 2.7.2, and before version 2.8.0 that could cause a crash on invalid input due to a buffer over-read in ssl_parse_server_psk_hint().

How severe is CVE-2018-9989?

CVE-2018-9989 has a severity value of 7.5, which is considered high.

What software versions are affected by CVE-2018-9989?

ARM mbed TLS versions before 2.1.11, before 2.7.2, and before 2.8.0 are affected by CVE-2018-9989.

How can I fix CVE-2018-9989?

To fix CVE-2018-9989, it is recommended to update ARM mbed TLS to version 2.1.11 or later.

Which CWE category does CVE-2018-9989 belong to?

CVE-2018-9989 belongs to CWE category 125, which is Buffer Over-read.

Vulnerability/
CVE-2018-9989

high

7.5

CWE

125

10/4/2018

5/8/2024

CVE-2018-9989

First published: Tue Apr 10 2018(Updated: )

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ARM mbed TLS	<2.1.11
ARM mbed TLS	>=2.7.0<2.7.2
ARM mbed TLS	=2.8.0-rc1
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0

Remedy

https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e

Remedy

https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-9989?
CVE-2018-9989 is a vulnerability in ARM mbed TLS before version 2.1.11, before version 2.7.2, and before version 2.8.0 that could cause a crash on invalid input due to a buffer over-read in ssl_parse_server_psk_hint().
How severe is CVE-2018-9989?
CVE-2018-9989 has a severity value of 7.5, which is considered high.
What software versions are affected by CVE-2018-9989?
ARM mbed TLS versions before 2.1.11, before 2.7.2, and before 2.8.0 are affected by CVE-2018-9989.
How can I fix CVE-2018-9989?
To fix CVE-2018-9989, it is recommended to update ARM mbed TLS to version 2.1.11 or later.
Which CWE category does CVE-2018-9989 belong to?
CVE-2018-9989 belongs to CWE category 125, which is Buffer Over-read.

collector/nvd-index
agent/references
agent/weakness
agent/tags
agent/type
agent/event
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/softwarecombine
agent/remedy
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/arm
canonical/arm mbed tls
version/arm mbed tls/2.7.0
version/arm mbed tls/2.8.0-rc1
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.