Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3446

Опубликовано: 01 мар. 2021
Источник: redhat
CVSS3: 5.1
EPSS Низкий

Описание

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

A flaw was found in libtpms. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Отчет

The versions of libtpms as shipped with Red Hat Enterprise Linux 8 Advanced Virtualization are affected by this issue. A future update may fix the code.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/libtpmsWill not fix
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.3/libtpmsWill not fix
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/libtpmsAffected
Red Hat Enterprise Linux 9libtpmsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-327
https://bugzilla.redhat.com/show_bug.cgi?id=1939664libtpms: return of wrong initialization vector when certain symmetric ciphers are used

EPSS

Процентиль: 10%
0.00035
Низкий

5.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3446

CVSS3: 5.5
ubuntu
почти 5 лет назад

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

nvd логотип

CVE-2021-3446

CVSS3: 5.5
nvd
почти 5 лет назад

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

debian логотип

CVE-2021-3446

CVSS3: 5.5
debian
почти 5 лет назад

A flaw was found in libtpms in versions before 0.8.2. The commonly use ...

github логотип

GHSA-3cfm-94xc-h7hp

CVSS3: 5.5
github
больше 3 лет назад

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

EPSS

Процентиль: 10%
0.00035
Низкий

5.1 Medium

CVSS3