Описание
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.7.0 (исключая)
cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
CVSS3: 9.1
debian
больше 4 лет назад
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...
github
больше 3 лет назад
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
EPSS
Процентиль: 42%
0.00203
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-327