Vulnerability Name:

CVE-2017-18187

Assigned: 2018-02-14
Published: 2018-02-14
Updated: 2018-02-19
Summary: In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
CVSS v3 Severity:
CVSS v2 Severity:
References:
Source: BID
Type: UNKNOWN
103055

Source: CONFIRM
Type: UNKNOWN
https://github.com/ARMmbed/mbedtls/blob/master/ChangeLog

Source: CONFIRM
Type: UNKNOWN
https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28

Oval Definitions
| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.artful:def:201718187000 | V | CVE-2017-18187 on Ubuntu 17.10 (artful) - untriaged. | 2018-02-14 |
| oval:com.ubuntu.trusty:def:201718187000 | V | CVE-2017-18187 on Ubuntu 14.04 LTS (trusty) - untriaged. | 2018-02-14 |
| oval:com.ubuntu.xenial:def:201718187000 | V | CVE-2017-18187 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2018-02-14 |