Vulnerability Database
296,747
Total vulnerabilities in the database
CVE-2018-9989
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
| Software | From | Fixed in |
|---|---|---|
| arm / mbed_tls | 2.8.0-rc1 | 2.8.0-rc1.x |
| arm / mbed_tls | 2.7.0 | 2.7.2 |
| arm / mbed_tls | - | 2.1.11 |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
- https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
- https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
- https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime