CVE-2024-28960

2024-03-2906:15:07

Google

osv.dev

mbed tls

mbed crypto

psa crypto api

shared memory issue

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

CPENameOperatorVersion
mbedtlseq2.16.10-r1
mbedtlseq2.28.5-r3
mbedtlseq2.28.3-r0
mbedtlseq2.28.0-r1
mbedtlseq2.28.7-r3
mbedtlseq2.11.0-r0
mbedtlseq2.16.12-r1
mbedtlseq2.2.1-r0
mbedtlseq2.6.1-r0
mbedtlseq2.16.0-r0

Name	Operator	Version
mbedtls	eq	2.16.10-r1
mbedtls	eq	2.28.5-r3
mbedtls	eq	2.28.3-r0
mbedtls	eq	2.28.0-r1
mbedtls	eq	2.28.7-r3
mbedtls	eq	2.11.0-r0
mbedtls	eq	2.16.12-r1
mbedtls	eq	2.2.1-r0
mbedtls	eq	2.6.1-r0
mbedtls	eq	2.16.0-r0