CVE-2024-28960

Опубликовано: 29 мар. 2024

Источник: redhat

CVSS3: 5.3

Описание

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

Отчет

This vulnerability affects products that use Mbed TLS to provide an implementation of the PSA Crypto API with domain isolation between API callers (“client application”) and the API implementation (“crypto server”), where communication is done through shared memory. Applications that use Mbed TLS as a library inside their own process space are not affected.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-653

https://bugzilla.redhat.com/show_bug.cgi?id=2272172mbedtls: Insecure handling of shared memory in PSA Crypto APIs

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-28960

CVSS3: 8.2

ubuntu

почти 2 года назад

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CVE-2024-28960

CVSS3: 8.2

nvd

почти 2 года назад

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CVE-2024-28960

CVSS3: 8.2

msrc

около 1 года назад

Описание отсутствует

CVE-2024-28960

CVSS3: 8.2

debian

почти 2 года назад

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28. ...

GHSA-6h48-8w2f-5w94

CVSS3: 8.2

github

почти 2 года назад

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

5.3 Medium

CVSS3