CVE-2018-5383

6.8 MEDIUM
Published: August 07, 2018 Modified: March 05, 2026

Description

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

http://www.cs.technion.ac.il/~biham/BT/
Source: cret@cert.org
Mitigation Third Party Advisory
http://www.securityfocus.com/bid/104879
Source: cret@cert.org
Third Party Advisory VDB Entry Broken Link
http://www.securitytracker.com/id/1041432
Source: cret@cert.org
Third Party Advisory VDB Entry Broken Link
https://access.redhat.com/errata/RHSA-2019:2169
Source: cret@cert.org
Third Party Advisory
https://usn.ubuntu.com/4094-1/
Source: cret@cert.org
Third Party Advisory
https://usn.ubuntu.com/4095-1/
Source: cret@cert.org
Third Party Advisory
https://usn.ubuntu.com/4095-2/
Source: cret@cert.org
Third Party Advisory
https://usn.ubuntu.com/4118-1/
Source: cret@cert.org
Third Party Advisory
https://usn.ubuntu.com/4351-1/
Source: cret@cert.org
Third Party Advisory
https://www.kb.cert.org/vuls/id/304725
Source: cret@cert.org
Third Party Advisory
http://www.cs.technion.ac.il/~biham/BT/
Source: af854a3a-2127-422b-91ae-364da2661108
Mitigation Third Party Advisory
http://www.securityfocus.com/bid/104879
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry Broken Link
http://www.securitytracker.com/id/1041432
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry Broken Link
https://access.redhat.com/errata/RHSA-2019:2169
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://usn.ubuntu.com/4094-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4095-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4095-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4118-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4351-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory Broken Link
https://www.kb.cert.org/vuls/id/304725
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

24 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.8 / 10.0
EPSS (Exploit Probability)
0.2%
38th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

apple google ti