vulnerability
FreeBSD: VID-F4876DD4-9CA8-11E8-AA17-0011D823EEBD (CVE-2018-0498): mbed TLS -- plaintext recovery vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:P/I:N/A:N) | Jul 24, 2018 | Aug 11, 2018 | May 7, 2019 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
Jul 24, 2018
Added
Aug 11, 2018
Modified
May 7, 2019
Description
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
Solution
freebsd-upgrade-package-mbedtls
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.