{"id":"CVE-2018-9988","details":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.","modified":"2026-04-16T01:37:45.625550611Z","published":"2018-04-10T19:29:00.260Z","related":["openSUSE-SU-2018:1039-1","openSUSE-SU-2018:1041-1"],"references":[{"type":"ADVISORY","url":"https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1"},{"type":"ADVISORY","url":"https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html"},{"type":"ADVISORY","url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mbed-tls/mbedtls","events":[{"introduced":"0"},{"fixed":"027f84c69f4ef30c0693832a6c396ef19e563ca1"},{"introduced":"0"},{"fixed":"a1098f81c252b317ad34ea978aea2bc47760b215"}]}],"versions":["beta-oob-2","list","mbedos-16.01-release","mbedos-16.03-release","mbedos-2016q1-oob1","mbedos-2016q1-oob2","mbedos-2016q1-oob3","mbedos-release-15-11","mbedos-techcon-oob2","mbedtls-1.3.10","mbedtls-1.4-dtls-preview","mbedtls-2.0.0","mbedtls-2.1.0","mbedtls-2.1.1","mbedtls-2.1.2","mbedtls-2.2.0","mbedtls-2.2.1","mbedtls-2.3.0","mbedtls-2.4.0","mbedtls-2.5.0","mbedtls-2.5.1","mbedtls-2.6.0","mbedtls-2.6.0-rc1","mbedtls-2.7.0","mbedtls-2.7.0-rc1","polarssl-1.2.0","polarssl-1.2.1","polarssl-1.2.2","polarssl-1.2.3","polarssl-1.2.4","polarssl-1.2.5","polarssl-1.2.6","polarssl-1.3.0","polarssl-1.3.0-rc0","polarssl-1.3.1","polarssl-1.3.2","polarssl-1.3.3","polarssl-1.3.4","polarssl-1.3.5","polarssl-1.3.6","polarssl-1.3.7","polarssl-1.3.8","polarssl-1.3.9","yotta-2.2.1","yotta-2.2.2","yotta-2.2.3","yotta-2.3.0","yotta-2.3.1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2018-9988-43fb1513","signature_version":"v1","deprecated":false,"target":{"file":"library/ssl_cli.c"},"signature_type":"Line","source":"https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215","digest":{"line_hashes":["233533454219406490390061696350408919024","56484956550389749533093667307607617125","40390773951587925798454177479524955136"],"threshold":0.9}},{"id":"CVE-2018-9988-4d2fe0f3","signature_version":"v1","deprecated":false,"target":{"file":"library/ssl_cli.c"},"signature_type":"Line","source":"https://github.com/mbed-tls/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1","digest":{"line_hashes":["40390773951587925798454177479524955136","233557313143411844596687656495997824922","139334063042468566397505368396940106530","229043678886504611548731213413437725144"],"threshold":0.9}},{"id":"CVE-2018-9988-d3a3e59d","signature_version":"v1","deprecated":false,"target":{"function":"ssl_parse_server_key_exchange","file":"library/ssl_cli.c"},"signature_type":"Function","source":"https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215","digest":{"length":8504,"function_hash":"76443332738644645351952461628534168042"}},{"id":"CVE-2018-9988-d4de87ce","signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"function":"ssl_parse_server_key_exchange","file":"library/ssl_cli.c"},"source":"https://github.com/mbed-tls/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1","digest":{"length":8732,"function_hash":"221937009738997935641169211938580408167"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-9988.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}