CVE-2018-1000061

NameCVE-2018-1000061
DescriptionARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mbedtls (PTS)stretch (security), stretch2.4.2-1+deb9u3vulnerable
buster, sid2.14.1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mbedtlssource(unstable)(unfixed)unimportant

Notes

https://github.com/ARMmbed/mbedtls/issues/1356
Non-issue as further analysis has shown and issue in progress to be rejected

Search for package or bug name: Reporting problems