What is GHSA-vqf5-9m3g-rhvm?

GHSA-vqf5-9m3g-rhvm is a security advisory published by GitHub Security Advisories with Medium severity. Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker...

Which CVE IDs does GHSA-vqf5-9m3g-rhvm cover?

GHSA-vqf5-9m3g-rhvm covers the following CVE IDs: CVE-2018-19608. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vqf5-9m3g-rhvm?

GHSA-vqf5-9m3g-rhvm has a CVSS v3 base score of 4.7, published by GitHub Security Advisories.

GHSA-vqf5-9m3g-rhvmMediumCVSS 4.7

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker...

Vendor

GitHub Security Advisories

Published

May 13, 2022

Last Modified

June 5, 2026

🔗 CVE IDs covered (1)

CVE-2018-19608 →

📋 Description

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2018-19608
https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
http://cat.eyalro.net
https://github.com/advisories/GHSA-vqf5-9m3g-rhvm