CVE-2018-1000520: ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed...
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.29271%
CWE
Published
5/13/2022
Updated
2/1/2023
KEV Status
No
Technology
-
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information mentions that the vulnerability is in mbedtls_ssl_get_verify_result()
in ARM mbedTLS version 2.7.0 and earlier. However, without access to the specific commit or patch that addresses this vulnerability (CVE-2018-1000520), it is not possible to definitively identify the vulnerable functions and provide concrete evidence from the code changes. The GitHub issue (https://github.com/ARMmbed/mbedtls/issues/1561) describes the problem but does not link to a fixing commit. An attempt to fetch a commit URL (e9282950326f8a37c9311e11510390117001a993) failed with a 404 error. Therefore, due to the lack of patch information, I cannot confidently identify the vulnerable functions as per the task guidelines.