VDB

GCVE-VVD-MAGEIA-2018-432

GCVE-VVD-MAGEIA-2018-432
Advisory Published
Vulnetix · Advisory published November 3, 2018
Updated mbedtls package fixes security vulnerabilities: Fixed a vulnerability in the TLS ciphersuites based on use of CBC and SHA-384 in DTLS/TLS 1.0 to 1.2, that allowed an active network attacker to partially recover the plaintext of messages under certains conditions by exploiting timing side-channels (CVE-2018-0497). Fixed a vulnerability in TLS ciphersuites based on CBC, in DTLS/TLS 1.0 to 1.2, that allowed a local attacker, with the ability to execute code on the local machine as well as to manipulate network packets, to partially recover the plaintext of messages under certain conditions (CVE-2018-0498). Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing (no CVE assigned).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiambedtls0 (affected), 2.7.6-1.mga6 (unaffected)

Aliases

CVE-2018-0497CVE-2018-0498

Transitive aliases

GSD-2018-0497CNVD-2021-59608GSD-2018-0498CNVD-2021-59609GHSA-pxhv-jv3r-8j7fGHSA-f3f3-2pmh-mpg9

References

Updated mbedtls packages fix security vulnerabilities
advisory
Updated mbedtls packages fix security vulnerabilities
issue
Updated mbedtls packages fix security vulnerabilities
issue
Updated mbedtls packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›