CVE-2018-19608

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-19608
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-19608.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-19608
Downstream
Related
Published
2018-12-05T22:29:00Z
Modified
2025-10-18T09:36:22.166077Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

References

Affected packages

Git / github.com/armmbed/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbedtls
Events
Introduced
0a0c22e0efcf2f8f71d7e16712f80b8f77326f72
Fixed
85a5bbc24a9311431c665eaa02f5dee09689fa37

Affected versions

mbedtls-2.*

mbedtls-2.1.0
mbedtls-2.1.1
mbedtls-2.1.10
mbedtls-2.1.11
mbedtls-2.1.11-rc1
mbedtls-2.1.12
mbedtls-2.1.13
mbedtls-2.1.14
mbedtls-2.1.15
mbedtls-2.1.16
mbedtls-2.1.2
mbedtls-2.1.3
mbedtls-2.1.4
mbedtls-2.1.5
mbedtls-2.1.6
mbedtls-2.1.7
mbedtls-2.1.7-rc1
mbedtls-2.1.8
mbedtls-2.1.9
mbedtls-2.1.9-rc1

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
32605dc83042d737e715a685e53176388d73540e
Fixed
2297157dd6236e4a5c2f46c84c401599ef639cf5

Affected versions

mbedtls-2.*

mbedtls-2.7.0
mbedtls-2.7.1
mbedtls-2.7.2
mbedtls-2.7.2-rc1
mbedtls-2.7.3
mbedtls-2.7.4
mbedtls-2.7.5
mbedtls-2.7.6
mbedtls-2.7.7