CVE-2021-32032

Опубликовано: 21 мая 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.

Ссылки

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9
Mailing List
Patch
Third Party Advisory
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
Exploit
Third Party Advisory
https://www.trustedfirmware.org
Vendor Advisory
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9
Mailing List
Patch
Third Party Advisory
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
Exploit
Third Party Advisory
https://www.trustedfirmware.org
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linaro:trusted_firmware-m:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 68%

0.0056

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-401

Связанные уязвимости

GHSA-2wjw-pc5m-j29q

github

больше 3 лет назад