{"id":"CVE-2018-9988","details":"ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.","modified":"2026-03-15T22:22:15.531917Z","published":"2018-04-10T19:29:00.260Z","related":["MGASA-2018-0253","openSUSE-SU-2018:1039-1","openSUSE-SU-2018:1041-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html"},{"type":"ADVISORY","url":"https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1"},{"type":"FIX","url":"https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/armmbed/mbedtls","events":[{"introduced":"0"},{"fixed":"1c986a9859f9456af999d16ba5056914669689fc"},{"introduced":"32605dc83042d737e715a685e53176388d73540e"},{"fixed":"9ae1fba869657bea7ec419412b1c26ed59eb7cd3"},{"introduced":"0"},{"last_affected":"79a5e72719cb23daee6e0e55f7b85659bb3a89b8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.11"},{"introduced":"2.7.0"},{"fixed":"2.7.2"},{"introduced":"0"},{"last_affected":"2.8.0-rc1"}]}},{"type":"GIT","repo":"https://github.com/mbed-tls/mbedtls","events":[{"introduced":"0"},{"fixed":"027f84c69f4ef30c0693832a6c396ef19e563ca1"},{"fixed":"a1098f81c252b317ad34ea978aea2bc47760b215"}]}],"versions":["beta-oob-2","list","mbedos-16.01-release","mbedos-16.03-release","mbedos-2016q1-oob1","mbedos-2016q1-oob2","mbedos-2016q1-oob3","mbedos-release-15-11","mbedos-techcon-oob2","mbedtls-1.3.10","mbedtls-1.4-dtls-preview","mbedtls-2.0.0","mbedtls-2.1.0","mbedtls-2.1.1","mbedtls-2.1.2","mbedtls-2.2.0","mbedtls-2.2.1","mbedtls-2.3.0","mbedtls-2.4.0","mbedtls-2.5.0","mbedtls-2.5.1","mbedtls-2.6.0","mbedtls-2.6.0-rc1","mbedtls-2.7.0","mbedtls-2.7.0-rc1","mbedtls-2.8.0-rc1","polarssl-1.2.0","polarssl-1.2.1","polarssl-1.2.2","polarssl-1.2.3","polarssl-1.2.4","polarssl-1.2.5","polarssl-1.2.6","polarssl-1.3.0","polarssl-1.3.0-rc0","polarssl-1.3.1","polarssl-1.3.2","polarssl-1.3.3","polarssl-1.3.4","polarssl-1.3.5","polarssl-1.3.6","polarssl-1.3.7","polarssl-1.3.8","polarssl-1.3.9","yotta-2.2.1","yotta-2.2.2","yotta-2.2.3","yotta-2.3.0","yotta-2.3.1"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["233533454219406490390061696350408919024","56484956550389749533093667307607617125","40390773951587925798454177479524955136"]},"id":"CVE-2018-9988-43fb1513","target":{"file":"library/ssl_cli.c"},"deprecated":false,"source":"https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215","signature_type":"Line","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["40390773951587925798454177479524955136","233557313143411844596687656495997824922","139334063042468566397505368396940106530","229043678886504611548731213413437725144"]},"id":"CVE-2018-9988-4d2fe0f3","target":{"file":"library/ssl_cli.c"},"deprecated":false,"source":"https://github.com/mbed-tls/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1","signature_type":"Line","signature_version":"v1"},{"digest":{"length":8504,"function_hash":"76443332738644645351952461628534168042"},"id":"CVE-2018-9988-d3a3e59d","target":{"function":"ssl_parse_server_key_exchange","file":"library/ssl_cli.c"},"deprecated":false,"source":"https://github.com/mbed-tls/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215","signature_type":"Function","signature_version":"v1"},{"digest":{"length":8732,"function_hash":"221937009738997935641169211938580408167"},"id":"CVE-2018-9988-d4de87ce","target":{"function":"ssl_parse_server_key_exchange","file":"library/ssl_cli.c"},"deprecated":false,"source":"https://github.com/mbed-tls/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1","signature_type":"Function","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-9988.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}