ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in sslparseserverkeyexchange() that could cause a crash on invalid input.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "233533454219406490390061696350408919024", "56484956550389749533093667307607617125", "40390773951587925798454177479524955136" ], "threshold": 0.9 }, "signature_type": "Line", "signature_version": "v1", "id": "CVE-2018-9988-43fb1513", "target": { "file": "library/ssl_cli.c" }, "source": "https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215", "deprecated": false }, { "digest": { "length": 8504.0, "function_hash": "76443332738644645351952461628534168042" }, "signature_type": "Function", "signature_version": "v1", "id": "CVE-2018-9988-d3a3e59d", "target": { "file": "library/ssl_cli.c", "function": "ssl_parse_server_key_exchange" }, "source": "https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215", "deprecated": false } ] }