Lucene search
RedhatCVELIST:CVE-2021-3446HistoryMar 25, 2021 - 6:45 p.m.
CVE-2021-3446
2021-03-2518:45:25
CWE-327
redhat
www.cve.org
9
vulnerability
libtpms
data confidentiality
openssl
encryption
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
CNA Affected
[
{
"product": "libtpms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libtpms 0.8.2"
}
]
}
]Related
openvas
openvas
Fedora: Security Advisory for libtpms (FEDORA-2021-8b584e5ebb)
2021-03-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0590)
2022-01-28 00:00:00
nvd
nvd
CVE-2021-3446
2021-03-25 19:15:14
redhatcve
redhatcve
CVE-2021-3446
2021-03-16 20:29:01
prion
prion
Design/Logic Flaw
2021-03-25 19:15:00
ubuntucve
ubuntucve
CVE-2021-3446
2021-03-25 00:00:00
osv
osv
CVE-2021-3446
2021-03-25 19:15:14
fedora
fedora
[SECURITY] Fedora 34 Update: libtpms-0.8.2-0.20210301git729fc6a4ca.fc34.1
2021-03-19 20:24:24
debiancve
debiancve
CVE-2021-3446
2021-03-25 19:15:14
cve
cve
CVE-2021-3446
2021-03-25 19:15:14
nessus
nessus
RHEL 8 : 8.3_libtpms (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : libtpms (Unpatched Vulnerability)
2024-05-11 00:00:00
mageia
mageia
Updated libtpms/swtpm packages fix security vulnerability
2021-12-30 19:41:51