vulnerability
FreeBSD: VID-C2F107E1-2493-11E8-B3E8-001CC0382B2F (CVE-2018-0487): mbed TLS (PolarSSL) -- remote code execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 5, 2018 | Mar 11, 2018 | May 7, 2019 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 5, 2018
Added
Mar 11, 2018
Modified
May 7, 2019
Description
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
Solution(s)
freebsd-upgrade-package-mbedtlsfreebsd-upgrade-package-polarssl13
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.