CVE-2024-28960

2024-03-2906:15:07

Debian Security Bug Tracker

security-tracker.debian.org

psa crypto api

unix

cve-2024-28960

security vulnerability

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.6%

JSON

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

OSVersionArchitecturePackageVersionFilename
Debian12allmbedtls<= 2.28.3-1mbedtls_2.28.3-1_all.deb
Debian11allmbedtls<= 2.16.9-0.1mbedtls_2.16.9-0.1_all.deb
Debian10allmbedtls<= 2.16.0-1mbedtls_2.16.0-1_all.deb
Debian999allmbedtls< 2.28.8-1mbedtls_2.28.8-1_all.deb
Debian13allmbedtls< 2.28.8-1mbedtls_2.28.8-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	mbedtls	<= 2.28.3-1	mbedtls_2.28.3-1_all.deb
Debian	11	all	mbedtls	<= 2.16.9-0.1	mbedtls_2.16.9-0.1_all.deb
Debian	10	all	mbedtls	<= 2.16.0-1	mbedtls_2.16.0-1_all.deb
Debian	999	all	mbedtls	< 2.28.8-1	mbedtls_2.28.8-1_all.deb
Debian	13	all	mbedtls	< 2.28.8-1	mbedtls_2.28.8-1_all.deb