Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2018-19608

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

  • Published: Dec 5, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-19608
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.7
  • AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 1.9
  • AV:L/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
arm / mbed_tls 2.7.0 2.7.8
arm / mbed_tls 2.1.0 2.1.17
arm / mbed_tls 2.14.0 2.14.1