CVE-2024-28960

2024-03-2906:15:07

Alpine Linux Development Team

security.alpinelinux.org

mbed tls

mbed crypto

psa crypto api

memory mishandling

cve-2024-28960

unix

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchmbedtls2< 2.28.8-r0UNKNOWN
Alpineedge-mainnoarchmbedtls< 2.28.8-r0UNKNOWN
Alpine3.16-mainnoarchmbedtls< 2.28.8-r0UNKNOWN
Alpine3.17-mainnoarchmbedtls< 2.28.8-r0UNKNOWN
Alpine3.18-mainnoarchmbedtls< 2.28.8-r0UNKNOWN
Alpine3.19-mainnoarchmbedtls< 2.28.8-r0UNKNOWN
Alpine3.20-communitynoarchmbedtls2< 2.28.8-r0UNKNOWN
Alpine3.20-mainnoarchmbedtls< 2.28.8-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	mbedtls2	< 2.28.8-r0	UNKNOWN
Alpine	edge-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN
Alpine	3.16-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN
Alpine	3.17-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN
Alpine	3.18-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN
Alpine	3.19-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN
Alpine	3.20-community	noarch	mbedtls2	< 2.28.8-r0	UNKNOWN
Alpine	3.20-main	noarch	mbedtls	< 2.28.8-r0	UNKNOWN